├── installer ├── .gitignore ├── vendor │ ├── github.com │ │ ├── modern-go │ │ │ ├── reflect2 │ │ │ │ ├── reflect2_amd64.s │ │ │ │ ├── relfect2_386.s │ │ │ │ ├── relfect2_arm.s │ │ │ │ ├── relfect2_arm64.s │ │ │ │ ├── relfect2_mipsx.s │ │ │ │ ├── relfect2_s390x.s │ │ │ │ ├── relfect2_amd64p32.s │ │ │ │ ├── relfect2_mips64x.s │ │ │ │ ├── relfect2_ppc64x.s │ │ │ │ ├── .gitignore │ │ │ │ ├── go_below_17.go │ │ │ │ ├── go_above_17.go │ │ │ │ ├── .travis.yml │ │ │ │ ├── go_below_19.go │ │ │ │ ├── go_above_19.go │ │ │ │ ├── test.sh │ │ │ │ ├── Gopkg.lock │ │ │ │ ├── Gopkg.toml │ │ │ │ └── safe_struct.go │ │ │ └── concurrent │ │ │ │ ├── .gitignore │ │ │ │ ├── .travis.yml │ │ │ │ ├── go_above_19.go │ │ │ │ ├── test.sh │ │ │ │ ├── log.go │ │ │ │ ├── executor.go │ │ │ │ └── go_below_19.go │ │ ├── spf13 │ │ │ └── pflag │ │ │ │ ├── .gitignore │ │ │ │ └── .travis.yml │ │ ├── google │ │ │ └── gofuzz │ │ │ │ ├── go.mod │ │ │ │ ├── .travis.yml │ │ │ │ └── doc.go │ │ ├── json-iterator │ │ │ └── go │ │ │ │ ├── .codecov.yml │ │ │ │ ├── .gitignore │ │ │ │ ├── .travis.yml │ │ │ │ ├── test.sh │ │ │ │ ├── build.sh │ │ │ │ ├── Gopkg.lock │ │ │ │ └── Gopkg.toml │ │ └── gogo │ │ │ └── protobuf │ │ │ ├── AUTHORS │ │ │ └── CONTRIBUTORS │ ├── golang.org │ │ └── x │ │ │ ├── net │ │ │ ├── http2 │ │ │ │ ├── .gitignore │ │ │ │ ├── Makefile │ │ │ │ ├── not_go111.go │ │ │ │ ├── README │ │ │ │ └── go111.go │ │ │ ├── AUTHORS │ │ │ └── CONTRIBUTORS │ │ │ └── text │ │ │ ├── AUTHORS │ │ │ ├── CONTRIBUTORS │ │ │ └── secure │ │ │ └── bidirule │ │ │ ├── bidirule10.0.0.go │ │ │ └── bidirule9.0.0.go │ ├── gopkg.in │ │ └── yaml.v2 │ │ │ ├── go.mod │ │ │ ├── .travis.yml │ │ │ ├── NOTICE │ │ │ └── writerc.go │ ├── k8s.io │ │ ├── klog │ │ │ ├── code-of-conduct.md │ │ │ ├── OWNERS │ │ │ ├── .travis.yml │ │ │ ├── RELEASE.md │ │ │ └── SECURITY_CONTACTS │ │ └── apimachinery │ │ │ └── pkg │ │ │ ├── api │ │ │ └── resource │ │ │ │ └── OWNERS │ │ │ ├── apis │ │ │ └── meta │ │ │ │ └── v1 │ │ │ │ ├── OWNERS │ │ │ │ └── doc.go │ │ │ ├── util │ │ │ ├── sets │ │ │ │ ├── doc.go │ │ │ │ └── empty.go │ │ │ └── errors │ │ │ │ └── doc.go │ │ │ ├── types │ │ │ ├── doc.go │ │ │ └── uid.go │ │ │ ├── fields │ │ │ └── doc.go │ │ │ ├── labels │ │ │ └── doc.go │ │ │ ├── runtime │ │ │ ├── serializer │ │ │ │ └── protobuf │ │ │ │ │ └── doc.go │ │ │ └── schema │ │ │ │ └── generated.proto │ │ │ ├── watch │ │ │ └── doc.go │ │ │ └── conversion │ │ │ └── queryparams │ │ │ └── doc.go │ └── sigs.k8s.io │ │ └── yaml │ │ ├── code-of-conduct.md │ │ ├── .gitignore │ │ ├── .travis.yml │ │ ├── OWNERS │ │ ├── yaml_go110.go │ │ ├── RELEASE.md │ │ └── SECURITY_CONTACTS ├── go.mod ├── README.md ├── demo │ ├── v1alpha1.yaml │ └── dupes.yaml ├── hack │ └── boilerplate.go.txt └── pkg │ └── apis │ └── config │ ├── doc.go │ └── v1alpha1 │ ├── defaults.go │ └── doc.go ├── tools ├── kaml │ ├── .gitignore │ ├── pkg │ │ ├── visitor │ │ │ ├── path.go │ │ │ ├── interfaces.go │ │ │ └── kubeobject.go │ │ └── xform │ │ │ ├── labels │ │ │ └── testdata │ │ │ │ └── remove-label │ │ │ │ └── simple │ │ │ │ ├── command.yaml │ │ │ │ ├── expected.yaml │ │ │ │ └── input.yaml │ │ │ └── fieldpath.go │ └── go.mod ├── rbac-gen │ ├── pkg │ │ └── convert │ │ │ ├── tests │ │ │ ├── simple.in.yaml │ │ │ ├── simple.out.kubebuilder │ │ │ ├── clusterrole.out.kubebuilder │ │ │ ├── duplicates.out.kubebuilder │ │ │ ├── simple.out.yaml │ │ │ ├── clusterrole.in.yaml │ │ │ ├── clusterrole.out.yaml │ │ │ ├── duplicates.in.yaml │ │ │ └── duplicates.out.yaml │ │ │ └── yaml.go │ └── go.mod ├── kubectl-ownerref │ ├── go.mod │ └── README.md └── generic-addon │ └── go.mod ├── flannel ├── config │ ├── webhook │ │ ├── manifests.yaml │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── certmanager │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── rbac │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── manager_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── flannel_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ ├── flannel_editor_role.yaml │ │ ├── leader_election_role.yaml │ │ └── manager_role.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_flannels.yaml │ │ │ └── webhook_in_flannels.yaml │ │ └── kustomizeconfig.yaml │ ├── default │ │ ├── manager_webhook_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ └── manager_auth_proxy_patch.yaml │ └── samples │ │ └── addons_v1alpha1_flannel.yaml ├── channels │ ├── latest │ └── stable ├── PROJECT ├── controllers │ ├── tests │ │ ├── latest.in.yaml │ │ ├── simple-stable.in.yaml │ │ └── patches-stable.in.yaml │ └── flannel_controller_test.go ├── .gitignore ├── hack │ └── boilerplate.go.txt └── go.mod ├── generic ├── config │ ├── webhook │ │ ├── manifests.yaml │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── certmanager │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── samples │ │ ├── dashboard.yaml │ │ └── addons_v1alpha1_generic.yaml │ ├── rbac │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── kustomization.yaml │ │ ├── generic_viewer_role.yaml │ │ ├── role.yaml │ │ ├── generic_editor_role.yaml │ │ └── leader_election_role.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_generics.yaml │ │ │ └── webhook_in_generics.yaml │ │ └── kustomizeconfig.yaml │ └── default │ │ ├── manager_webhook_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ └── manager_auth_proxy_patch.yaml ├── channels │ └── stable ├── PROJECT ├── .gitignore ├── hack │ └── boilerplate.go.txt ├── go.mod └── Dockerfile ├── kubeproxy ├── config │ ├── manager │ │ ├── role.yaml │ │ ├── kustomization.yaml │ │ └── patches │ │ │ ├── apiserver_endpoint.patch.yaml │ │ │ └── tolerations_controlplane.patch.yaml │ ├── webhook │ │ ├── manifests.yaml │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── certmanager │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── certificate.yaml │ ├── samples │ │ └── addons_v1alpha1_kubeproxy.yaml │ ├── rbac │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── manager_rolebinding.yaml │ │ ├── kustomization.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── role.yaml │ │ ├── leader_election_role.yaml │ │ └── manager_role.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_kubeproxies.yaml │ │ │ └── webhook_in_kubeproxies.yaml │ │ └── kustomizeconfig.yaml │ └── default │ │ ├── manager_prometheus_metrics_patch.yaml │ │ ├── manager_webhook_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ └── manager_auth_proxy_patch.yaml ├── channels │ └── stable ├── PROJECT ├── controllers │ └── tests │ │ └── simple-stable.in.yaml ├── go.mod ├── .gitignore └── hack │ └── boilerplate.go.txt ├── dashboard ├── config │ ├── webhook │ │ ├── manifests.yaml │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── certmanager │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── samples │ │ └── addons_v1alpha1_dashboard.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── rbac │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── kustomization.yaml │ │ ├── dashboard_viewer_role.yaml │ │ ├── dashboard_editor_role.yaml │ │ └── leader_election_role.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_dashboards.yaml │ │ │ └── webhook_in_dashboards.yaml │ │ └── kustomizeconfig.yaml │ └── default │ │ ├── manager_webhook_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ └── manager_auth_proxy_patch.yaml ├── channels │ ├── develop │ └── stable ├── PROJECT ├── controllers │ └── tests │ │ ├── simple-stable.in.yaml │ │ ├── simple-develop.in.yaml │ │ ├── patches-stable.in.yaml │ │ └── patches-develop.in.yaml ├── go.mod ├── .gitignore ├── hack │ └── boilerplate.go.txt └── README.md ├── nodelocaldns ├── config │ ├── webhook │ │ ├── manifests.yaml │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── certmanager │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── samples │ │ └── addons_v1alpha1_localnodedns.yaml │ ├── manager │ │ └── kustomization.yaml │ ├── rbac │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── manager_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── localnodedns_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ ├── localnodedns_editor_role.yaml │ │ ├── manager_role.yaml │ │ └── leader_election_role.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_nodelocaldns.yaml │ │ │ └── webhook_in_nodelocaldns.yaml │ │ └── kustomizeconfig.yaml │ └── default │ │ ├── manager_webhook_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ └── manager_auth_proxy_patch.yaml ├── channels │ └── stable ├── PROJECT ├── controllers │ ├── tests │ │ └── simple.in.yaml │ └── utils.go ├── go.mod ├── .gitignore └── hack │ └── boilerplate.go.txt ├── .gitignore ├── bootstrap ├── .gitignore ├── go.mod └── go.sum ├── coredns ├── config │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── rbac │ │ ├── service_account.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── coredns_viewer_role.yaml │ │ ├── coredns_editor_role.yaml │ │ ├── leader_election_role.yaml │ │ └── kustomization.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── controller_manager_config.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_coredns.yaml │ │ │ └── webhook_in_coredns.yaml │ │ └── kustomizeconfig.yaml │ ├── default │ │ ├── manager_config_patch.yaml │ │ └── manager_auth_proxy_patch.yaml │ └── samples │ │ └── addons_v1alpha1_coredns.yaml ├── channels │ ├── stable │ └── packages │ │ └── coredns │ │ ├── 1.7.0 │ │ ├── serviceaccount.yaml │ │ ├── Corefile │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ │ ├── 1.8.0 │ │ ├── serviceaccount.yaml │ │ ├── Corefile │ │ ├── clusterrolebinding.yaml │ │ ├── clusterrole.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml │ │ └── 1.8.4 │ │ ├── serviceaccount.yaml │ │ ├── Corefile │ │ ├── clusterrolebinding.yaml │ │ ├── clusterrole.yaml │ │ ├── service.yaml │ │ └── kustomization.yaml ├── .dockerignore ├── controllers │ └── tests │ │ ├── simple-stable.in.yaml │ │ └── patches-stable.in.yaml ├── go.mod ├── .gitignore ├── hack │ └── boilerplate.go.txt └── PROJECT ├── metrics-server ├── config │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ ├── certmanager │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── webhook │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── rbac │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── kustomization.yaml │ │ ├── metricsserver_viewer_role.yaml │ │ ├── metricsserver_editor_role.yaml │ │ └── leader_election_role.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_metricsservers.yaml │ │ │ └── webhook_in_metricsservers.yaml │ │ └── kustomizeconfig.yaml │ ├── default │ │ ├── manager_webhook_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ └── manager_auth_proxy_patch.yaml │ └── samples │ │ └── addons_v1alpha1_metricsserver.yaml ├── channels │ └── stable ├── PROJECT ├── go.mod ├── .gitignore ├── hack │ └── boilerplate.go.txt └── controllers │ └── tests │ └── patches.in.yaml ├── .gcloudignore ├── code-of-conduct.md ├── OWNERS_ALIASES ├── OWNERS ├── go.mod ├── dev └── staging │ ├── README.md │ └── cloudbuild.yaml ├── SECURITY_CONTACTS └── test └── boilerplate.go.txt /installer/.gitignore: -------------------------------------------------------------------------------- 1 | bin 2 | -------------------------------------------------------------------------------- /tools/kaml/.gitignore: -------------------------------------------------------------------------------- 1 | kaml 2 | -------------------------------------------------------------------------------- /flannel/config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /generic/config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kubeproxy/config/manager/role.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /dashboard/config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kubeproxy/config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /nodelocaldns/config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | vendor/ 2 | # Emacs 3 | *~ 4 | \#*\# 5 | -------------------------------------------------------------------------------- /bootstrap/.gitignore: -------------------------------------------------------------------------------- 1 | cover.out 2 | cluster-addons-bootstrap 3 | -------------------------------------------------------------------------------- /dashboard/channels/develop: -------------------------------------------------------------------------------- 1 | manifests: 2 | - version: 2.0.0 3 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/reflect2_amd64.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_386.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_arm.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_arm64.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_mipsx.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_s390x.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_amd64p32.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_mips64x.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/relfect2_ppc64x.s: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /installer/vendor/github.com/spf13/pflag/.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | 3 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/http2/.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | h2i/h2i 3 | -------------------------------------------------------------------------------- /coredns/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /flannel/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /generic/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /generic/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/.gitignore: -------------------------------------------------------------------------------- 1 | /coverage.txt 2 | -------------------------------------------------------------------------------- /tools/kaml/pkg/visitor/path.go: -------------------------------------------------------------------------------- 1 | package visitor 2 | 3 | type Path string 4 | -------------------------------------------------------------------------------- /dashboard/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /nodelocaldns/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/.gitignore: -------------------------------------------------------------------------------- 1 | /vendor 2 | /coverage.txt 3 | -------------------------------------------------------------------------------- /installer/vendor/gopkg.in/yaml.v2/go.mod: -------------------------------------------------------------------------------- 1 | module gopkg.in/yaml.v2 2 | 3 | go 1.15 4 | -------------------------------------------------------------------------------- /metrics-server/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /tools/kaml/pkg/xform/labels/testdata/remove-label/simple/command.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | - foo -------------------------------------------------------------------------------- /metrics-server/channels/stable: -------------------------------------------------------------------------------- 1 | manifests: 2 | - name: metrics-server 3 | version: 0.3.6 4 | -------------------------------------------------------------------------------- /coredns/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 1.8.4 4 | -------------------------------------------------------------------------------- /flannel/channels/latest: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 0.12.0 4 | -------------------------------------------------------------------------------- /flannel/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 0.10.0 4 | -------------------------------------------------------------------------------- /generic/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 2.0.0 4 | -------------------------------------------------------------------------------- /.gcloudignore: -------------------------------------------------------------------------------- 1 | # We include the .git directory, so that we can get the current commit 2 | # .git 3 | -------------------------------------------------------------------------------- /dashboard/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 2.0.0 4 | -------------------------------------------------------------------------------- /installer/vendor/github.com/google/gofuzz/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/google/gofuzz 2 | 3 | go 1.12 4 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/.codecov.yml: -------------------------------------------------------------------------------- 1 | ignore: 2 | - "output_tests/.*" 3 | 4 | -------------------------------------------------------------------------------- /kubeproxy/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 1.15.0 4 | -------------------------------------------------------------------------------- /nodelocaldns/channels/stable: -------------------------------------------------------------------------------- 1 | # Versions for the stable channel 2 | manifests: 3 | - version: 1.15.0 4 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/http2/Makefile: -------------------------------------------------------------------------------- 1 | curlimage: 2 | docker build -t gohttp2/curl . 3 | 4 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/.gitignore: -------------------------------------------------------------------------------- 1 | /vendor 2 | /bug_test.go 3 | /coverage.txt 4 | /.idea 5 | -------------------------------------------------------------------------------- /bootstrap/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/bootstrap 2 | 3 | go 1.16 4 | 5 | require k8s.io/klog/v2 v2.3.0 6 | -------------------------------------------------------------------------------- /dashboard/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /flannel/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /generic/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /kubeproxy/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /metrics-server/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /nodelocaldns/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /flannel/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /generic/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/simple.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: test-cm 5 | data: 6 | ENV: test 7 | -------------------------------------------------------------------------------- /coredns/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /dashboard/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /kubeproxy/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /nodelocaldns/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /metrics-server/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /coredns/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 3 | bin/ 4 | testbin/ 5 | -------------------------------------------------------------------------------- /kubeproxy/PROJECT: -------------------------------------------------------------------------------- 1 | version: "2" 2 | domain: x-k8s.io 3 | repo: addon-operators/kubeproxy 4 | resources: 5 | - group: addons 6 | version: v1alpha1 7 | kind: KubeProxy 8 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /flannel/PROJECT: -------------------------------------------------------------------------------- 1 | domain: x-k8s.io 2 | repo: sigs.k8s.io/cluster-addons/flannel 3 | resources: 4 | - group: addons 5 | kind: Flannel 6 | version: v1alpha1 7 | version: "2" 8 | -------------------------------------------------------------------------------- /generic/PROJECT: -------------------------------------------------------------------------------- 1 | domain: x-k8s.io 2 | repo: sigs.k8s.io/cluster-addons/generic 3 | resources: 4 | - group: addons 5 | kind: Generic 6 | version: v1alpha1 7 | version: "2" 8 | -------------------------------------------------------------------------------- /dashboard/PROJECT: -------------------------------------------------------------------------------- 1 | domain: x-k8s.io 2 | repo: sigs.k8s.io/cluster-addons/dashboard 3 | resources: 4 | - group: addons 5 | kind: Dashboard 6 | version: v1alpha1 7 | version: "2" 8 | -------------------------------------------------------------------------------- /metrics-server/PROJECT: -------------------------------------------------------------------------------- 1 | domain: x-k8s.io 2 | repo: sigs.k8s.io/cluster-addons 3 | resources: 4 | - group: addons 5 | kind: MetricsServer 6 | version: v1alpha1 7 | version: "2" 8 | -------------------------------------------------------------------------------- /nodelocaldns/PROJECT: -------------------------------------------------------------------------------- 1 | domain: x-k8s.io 2 | repo: sigs.k8s.io/cluster-addons/nodelocaldns 3 | resources: 4 | - group: addons 5 | kind: NodeLocalDNS 6 | version: v1alpha1 7 | version: "2" 8 | -------------------------------------------------------------------------------- /dashboard/controllers/tests/simple-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Dashboard 3 | metadata: 4 | name: dashboard-sample 5 | namespace: kube-system 6 | spec: {} 7 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md 2 | 3 | aliases: 4 | sig-cluster-lifecycle-leads: 5 | - justinsb 6 | - luxas 7 | - timothysc 8 | -------------------------------------------------------------------------------- /flannel/controllers/tests/latest.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Flannel 3 | metadata: 4 | name: flannel-sample 5 | namespace: kube-system 6 | spec: 7 | channel: latest 8 | -------------------------------------------------------------------------------- /installer/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/installer 2 | 3 | require ( 4 | github.com/spf13/pflag v1.0.3 5 | k8s.io/apimachinery v0.0.0-20190719140911-bfcf53abc9f8 6 | ) 7 | 8 | go 1.16 9 | -------------------------------------------------------------------------------- /coredns/controllers/tests/simple-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: CoreDNS 3 | metadata: 4 | name: coredns-operator 5 | namespace: kube-system 6 | spec: 7 | channel: stable -------------------------------------------------------------------------------- /flannel/controllers/tests/simple-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Flannel 3 | metadata: 4 | name: flannel-sample 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/klog/code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /dashboard/controllers/tests/simple-develop.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Dashboard 3 | metadata: 4 | name: dashboard-sample 5 | namespace: kube-system 6 | spec: 7 | channel: develop 8 | -------------------------------------------------------------------------------- /nodelocaldns/controllers/tests/simple.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: NodeLocalDNS 3 | metadata: 4 | name: nodelocaldns-sample 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | -------------------------------------------------------------------------------- /dashboard/config/samples/addons_v1alpha1_dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Dashboard 3 | metadata: 4 | name: dashboard-sample 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/AUTHORS: -------------------------------------------------------------------------------- 1 | # This source code refers to The Go Authors for copyright purposes. 2 | # The master list of authors is in the main Go distribution, 3 | # visible at http://tip.golang.org/AUTHORS. 4 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This source code was written by the Go contributors. 2 | # The master list of contributors is in the main Go distribution, 3 | # visible at http://tip.golang.org/CONTRIBUTORS. 4 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/text/AUTHORS: -------------------------------------------------------------------------------- 1 | # This source code refers to The Go Authors for copyright purposes. 2 | # The master list of authors is in the main Go distribution, 3 | # visible at http://tip.golang.org/AUTHORS. 4 | -------------------------------------------------------------------------------- /installer/vendor/gopkg.in/yaml.v2/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - 1.4 5 | - 1.5 6 | - 1.6 7 | - 1.7 8 | - 1.8 9 | - 1.9 10 | - tip 11 | 12 | go_import_path: gopkg.in/yaml.v2 13 | -------------------------------------------------------------------------------- /dashboard/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: controller 8 | newTag: latest 9 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/text/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This source code was written by the Go contributors. 2 | # The master list of contributors is in the main Go distribution, 3 | # visible at http://tip.golang.org/CONTRIBUTORS. 4 | -------------------------------------------------------------------------------- /nodelocaldns/config/samples/addons_v1alpha1_localnodedns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: NodeLocalDNS 3 | metadata: 4 | name: nodelocaldns-sample 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/simple.out.kubebuilder: -------------------------------------------------------------------------------- 1 | //+kubebuilder:rbac:groups=,resources=configmaps,verbs=create;delete;get;list;patch;update;watch 2 | //+kubebuilder:rbac:groups=,resources=configmaps/status,verbs=get;list;watch -------------------------------------------------------------------------------- /metrics-server/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: controller 8 | newTag: latest 9 | -------------------------------------------------------------------------------- /flannel/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: somma/flannel-operator 8 | newTag: latest 9 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/go_below_17.go: -------------------------------------------------------------------------------- 1 | //+build !go1.7 2 | 3 | package reflect2 4 | 5 | import "unsafe" 6 | 7 | func resolveTypeOff(rtype unsafe.Pointer, off int32) unsafe.Pointer { 8 | return nil 9 | } 10 | -------------------------------------------------------------------------------- /kubeproxy/controllers/tests/simple-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: KubeProxy 3 | metadata: 4 | name: default 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | clusterCidr: 192.168.0.0/16 9 | -------------------------------------------------------------------------------- /kubeproxy/config/samples/addons_v1alpha1_kubeproxy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: KubeProxy 3 | metadata: 4 | name: default 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | clusterCidr: 192.168.0.0/16 9 | -------------------------------------------------------------------------------- /coredns/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /nodelocaldns/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: somma/nodelocaldns-operator 8 | newTag: latest 9 | -------------------------------------------------------------------------------- /coredns/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - name: manager-config 9 | files: 10 | - controller_manager_config.yaml 11 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/go_above_17.go: -------------------------------------------------------------------------------- 1 | //+build go1.7 2 | 3 | package reflect2 4 | 5 | import "unsafe" 6 | 7 | //go:linkname resolveTypeOff reflect.resolveTypeOff 8 | func resolveTypeOff(rtype unsafe.Pointer, off int32) unsafe.Pointer 9 | -------------------------------------------------------------------------------- /dashboard/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /flannel/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /generic/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - 1.8.x 5 | - 1.x 6 | 7 | before_install: 8 | - go get -t -v ./... 9 | 10 | script: 11 | - ./test.sh 12 | 13 | after_success: 14 | - bash <(curl -s https://codecov.io/bash) 15 | -------------------------------------------------------------------------------- /kubeproxy/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - 1.8.x 5 | - 1.x 6 | 7 | before_install: 8 | - go get -t -v ./... 9 | 10 | script: 11 | - ./test.sh 12 | 13 | after_success: 14 | - bash <(curl -s https://codecov.io/bash) 15 | -------------------------------------------------------------------------------- /metrics-server/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /nodelocaldns/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /tools/kaml/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/tools/kaml 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/google/go-cmp v0.5.3 7 | github.com/spf13/cobra v1.1.1 8 | k8s.io/klog/v2 v2.30.0 9 | sigs.k8s.io/kustomize/kyaml v0.9.4 10 | sigs.k8s.io/yaml v1.2.0 11 | ) 12 | -------------------------------------------------------------------------------- /generic/config/samples/dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Generic 3 | metadata: 4 | name: generic-dashboard 5 | spec: 6 | objectKind: 7 | kind: Dashboard 8 | version: "v1alpha1" 9 | group: addons.k8s.io 10 | channel: "../dashboard/channels" 11 | -------------------------------------------------------------------------------- /installer/vendor/github.com/google/gofuzz/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - 1.4 5 | - 1.3 6 | - 1.2 7 | - tip 8 | 9 | install: 10 | - if ! go get code.google.com/p/go.tools/cmd/cover; then go get golang.org/x/tools/cmd/cover; fi 11 | 12 | script: 13 | - go test -cover 14 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - johnsonj 5 | - justinsb 6 | - rajansandeep 7 | - stealthybox 8 | - sig-cluster-lifecycle-leads 9 | reviewers: 10 | - atoato88 11 | - johnsonj 12 | - justinsb 13 | - rajansandeep 14 | - stealthybox 15 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.7.0/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: coredns 5 | namespace: kube-system 6 | labels: 7 | kubernetes.io/cluster-service: "true" 8 | kubernetes.io/name: "CoreDNS" 9 | addonmanager.kubernetes.io/mode: EnsureExists -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.0/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: coredns 5 | namespace: kube-system 6 | labels: 7 | kubernetes.io/cluster-service: "true" 8 | kubernetes.io/name: "CoreDNS" 9 | addonmanager.kubernetes.io/mode: EnsureExists 10 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.4/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: coredns 5 | namespace: kube-system 6 | labels: 7 | kubernetes.io/cluster-service: "true" 8 | kubernetes.io/name: "CoreDNS" 9 | addonmanager.kubernetes.io/mode: EnsureExists 10 | -------------------------------------------------------------------------------- /generic/config/samples/addons_v1alpha1_generic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Generic 3 | metadata: 4 | name: generic-sample 5 | spec: 6 | objectKind: 7 | kind: NodeLocalDNS 8 | version: "v1alpha1" 9 | group: addons.x-k8s.io 10 | channel: "../nodelocaldns/channels" 11 | 12 | -------------------------------------------------------------------------------- /bootstrap/go.sum: -------------------------------------------------------------------------------- 1 | github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY= 2 | github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= 3 | k8s.io/klog/v2 v2.3.0 h1:WmkrnW7fdrm0/DMClc+HIxtftvxVIPAhlVwMQo5yLco= 4 | k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= 5 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/go_above_19.go: -------------------------------------------------------------------------------- 1 | //+build go1.9 2 | 3 | package concurrent 4 | 5 | import "sync" 6 | 7 | // Map is a wrapper for sync.Map introduced in go1.9 8 | type Map struct { 9 | sync.Map 10 | } 11 | 12 | // NewMap creates a thread safe Map 13 | func NewMap() *Map { 14 | return &Map{} 15 | } 16 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - 1.8.x 5 | - 1.x 6 | 7 | before_install: 8 | - go get -t -v ./... 9 | - go get -t -v github.com/modern-go/reflect2-tests/... 10 | 11 | script: 12 | - ./test.sh 13 | 14 | after_success: 15 | - bash <(curl -s https://codecov.io/bash) 16 | -------------------------------------------------------------------------------- /coredns/config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: f4f34b31.x-k8s.io 12 | -------------------------------------------------------------------------------- /dashboard/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /flannel/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /coredns/config/crd/patches/cainjection_in_coredns.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: coredns.addons.x-k8s.io 8 | -------------------------------------------------------------------------------- /dashboard/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /flannel/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /generic/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /kubeproxy/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: controller 8 | newTag: latest 9 | patchesStrategicMerge: 10 | - patches/apiserver_endpoint.patch.yaml 11 | - patches/tolerations_controlplane.patch.yaml 12 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /coredns/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /coredns/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /flannel/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /generic/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /generic/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | # <-------- 9 | name: manager-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: default 13 | namespace: system 14 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/go_below_19.go: -------------------------------------------------------------------------------- 1 | //+build !go1.9 2 | 3 | package reflect2 4 | 5 | import ( 6 | "unsafe" 7 | ) 8 | 9 | //go:linkname makemap reflect.makemap 10 | func makemap(rtype unsafe.Pointer) (m unsafe.Pointer) 11 | 12 | func makeMapWithSize(rtype unsafe.Pointer, cap int) unsafe.Pointer { 13 | return makemap(rtype) 14 | } 15 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/.gitignore: -------------------------------------------------------------------------------- 1 | # OSX leaves these everywhere on SMB shares 2 | ._* 3 | 4 | # Eclipse files 5 | .classpath 6 | .project 7 | .settings/** 8 | 9 | # Emacs save files 10 | *~ 11 | 12 | # Vim-related files 13 | [._]*.s[a-w][a-z] 14 | [._]s[a-w][a-z] 15 | *.un~ 16 | Session.vim 17 | .netrwhist 18 | 19 | # Go test binaries 20 | *.test 21 | -------------------------------------------------------------------------------- /dashboard/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /flannel/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /flannel/config/rbac/manager_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: main-manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: main-manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /generic/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/manager_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: main-manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: main-manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /coredns/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /dashboard/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /dashboard/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /flannel/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /generic/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/manager_rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: main-manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: main-manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/clusterrole.out.kubebuilder: -------------------------------------------------------------------------------- 1 | //+kubebuilder:rbac:groups=,resources=pods;secrets,verbs=get;list;watch 2 | //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles/status;roles/status,verbs=get;list;watch 3 | //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;roles,verbs=create;delete;get;list;patch;update;watch -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/go_above_19.go: -------------------------------------------------------------------------------- 1 | //+build go1.9 2 | 3 | package reflect2 4 | 5 | import ( 6 | "unsafe" 7 | ) 8 | 9 | //go:linkname makemap reflect.makemap 10 | func makemap(rtype unsafe.Pointer, cap int) (m unsafe.Pointer) 11 | 12 | func makeMapWithSize(rtype unsafe.Pointer, cap int) unsafe.Pointer { 13 | return makemap(rtype, cap) 14 | } 15 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | reviewers: 4 | - thockin 5 | - lavalamp 6 | - smarterclayton 7 | - wojtek-t 8 | - derekwaynecarr 9 | - mikedanese 10 | - saad-ali 11 | - janetkuo 12 | - tallclair 13 | - eparis 14 | - jbeda 15 | - xiang90 16 | - mbohlool 17 | - david-mcmahon 18 | - goltermann 19 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /dashboard/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/dashboard 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655 8 | k8s.io/client-go v0.0.0-20190918160344-1fbdaa4c8d90 9 | sigs.k8s.io/controller-runtime v0.4.0 10 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200226054827-748a6481b2a4 11 | ) 12 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | echo "" > coverage.txt 5 | 6 | for d in $(go list ./... | grep -v vendor); do 7 | go test -coverprofile=profile.out -coverpkg=github.com/json-iterator/go $d 8 | if [ -f profile.out ]; then 9 | cat profile.out >> coverage.txt 10 | rm profile.out 11 | fi 12 | done 13 | -------------------------------------------------------------------------------- /dashboard/controllers/tests/patches-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Dashboard 3 | metadata: 4 | name: dashboard-sample 5 | namespace: kube-system 6 | spec: 7 | patches: 8 | - apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: kubernetes-dashboard 12 | namespace: kube-system 13 | spec: 14 | replicas: 5 15 | -------------------------------------------------------------------------------- /nodelocaldns/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/nodelocaldns 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | k8s.io/api v0.18.4 8 | k8s.io/apimachinery v0.18.4 9 | k8s.io/client-go v0.18.4 10 | k8s.io/klog v1.0.0 11 | sigs.k8s.io/controller-runtime v0.6.0 12 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200702123846-f7388b7841f5 13 | ) 14 | -------------------------------------------------------------------------------- /coredns/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /coredns/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | echo "" > coverage.txt 5 | 6 | for d in $(go list ./... | grep -v vendor); do 7 | go test -coverprofile=profile.out -coverpkg=github.com/modern-go/concurrent $d 8 | if [ -f profile.out ]; then 9 | cat profile.out >> coverage.txt 10 | rm profile.out 11 | fi 12 | done 13 | -------------------------------------------------------------------------------- /kubeproxy/go.mod: -------------------------------------------------------------------------------- 1 | module addon-operators/kubeproxy 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/imdario/mergo v0.3.7 // indirect 8 | k8s.io/apimachinery v0.18.2 9 | k8s.io/client-go v0.18.2 10 | k8s.io/klog v1.0.0 11 | sigs.k8s.io/controller-runtime v0.6.0 12 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200512162422-ce639cbf6d4c 13 | ) 14 | -------------------------------------------------------------------------------- /metrics-server/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/metrics-server 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655 8 | k8s.io/client-go v0.0.0-20190918160344-1fbdaa4c8d90 9 | sigs.k8s.io/controller-runtime v0.4.0 10 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200127222139-6fce7388950a 11 | ) 12 | -------------------------------------------------------------------------------- /installer/vendor/github.com/spf13/pflag/.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | 3 | language: go 4 | 5 | go: 6 | - 1.7.3 7 | - 1.8.1 8 | - tip 9 | 10 | matrix: 11 | allow_failures: 12 | - go: tip 13 | 14 | install: 15 | - go get github.com/golang/lint/golint 16 | - export PATH=$GOPATH/bin:$PATH 17 | - go install ./... 18 | 19 | script: 20 | - verify/all.sh -v 21 | - go test ./... 22 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/klog/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | reviewers: 3 | - jayunit100 4 | - hoegaarden 5 | - andyxning 6 | - neolit123 7 | - pohly 8 | - yagonobre 9 | - vincepri 10 | - detiber 11 | approvers: 12 | - dims 13 | - thockin 14 | - justinsb 15 | - tallclair 16 | - piosz 17 | - brancz 18 | - DirectXMan12 19 | - lavalamp 20 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | dist: xenial 3 | go: 4 | - 1.9.x 5 | - 1.10.x 6 | - 1.11.x 7 | script: 8 | - go get -t -v ./... 9 | - diff -u <(echo -n) <(gofmt -d .) 10 | - diff -u <(echo -n) <(golint $(go list -e ./...) | grep -v YAMLToJSON) 11 | - go tool vet . 12 | - go test -v -race ./... 13 | install: 14 | - go get golang.org/x/lint/golint 15 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/log.go: -------------------------------------------------------------------------------- 1 | package concurrent 2 | 3 | import ( 4 | "os" 5 | "log" 6 | "io/ioutil" 7 | ) 8 | 9 | // ErrorLogger is used to print out error, can be set to writer other than stderr 10 | var ErrorLogger = log.New(os.Stderr, "", 0) 11 | 12 | // InfoLogger is used to print informational message, default to off 13 | var InfoLogger = log.New(ioutil.Discard, "", 0) -------------------------------------------------------------------------------- /installer/vendor/k8s.io/klog/.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | go_import_path: k8s.io/klog 3 | dist: xenial 4 | go: 5 | - 1.9.x 6 | - 1.10.x 7 | - 1.11.x 8 | script: 9 | - go get -t -v ./... 10 | - diff -u <(echo -n) <(gofmt -d .) 11 | - diff -u <(echo -n) <(golint $(go list -e ./...)) 12 | - go tool vet . 13 | - go test -v -race ./... 14 | install: 15 | - go get golang.org/x/lint/golint 16 | -------------------------------------------------------------------------------- /flannel/config/crd/patches/cainjection_in_flannels.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: flannels.addons.x-k8s.io 9 | -------------------------------------------------------------------------------- /generic/config/crd/patches/cainjection_in_generics.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: generics.addons.x-k8s.io 9 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/duplicates.out.kubebuilder: -------------------------------------------------------------------------------- 1 | //+kubebuilder:rbac:groups=,resources=configmaps,verbs=create;delete;get;list;patch;update;watch 2 | //+kubebuilder:rbac:groups=,resources=configmaps/status,verbs=get;list;watch 3 | //+kubebuilder:rbac:groups=apps,resources=deployments,verbs=create;delete;get;list;patch;update;watch 4 | //+kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;list;watch -------------------------------------------------------------------------------- /dashboard/config/crd/patches/cainjection_in_dashboards.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: dashboards.addons.x-k8s.io 9 | -------------------------------------------------------------------------------- /dashboard/controllers/tests/patches-develop.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Dashboard 3 | metadata: 4 | name: dashboard-sample 5 | namespace: kube-system 6 | spec: 7 | channel: develop 8 | patches: 9 | - apiVersion: apps/v1 10 | kind: Deployment 11 | metadata: 12 | name: kubernetes-dashboard 13 | namespace: kubernetes-dashboard 14 | spec: 15 | replicas: 5 16 | -------------------------------------------------------------------------------- /generic/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 3 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/kubernetes-sigs/cluster-addons 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b 7 | github.com/googleapis/gnostic v0.3.1 // indirect 8 | github.com/imdario/mergo v0.3.6 // indirect 9 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect 10 | k8s.io/api v0.18.2 11 | k8s.io/apimachinery v0.18.2 12 | k8s.io/client-go v0.18.2 13 | ) 14 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | echo "" > coverage.txt 5 | 6 | for d in $(go list github.com/modern-go/reflect2-tests/... | grep -v vendor); do 7 | go test -coverprofile=profile.out -coverpkg=github.com/modern-go/reflect2 $d 8 | if [ -f profile.out ]; then 9 | cat profile.out >> coverage.txt 10 | rm profile.out 11 | fi 12 | done 13 | -------------------------------------------------------------------------------- /kubeproxy/config/crd/patches/cainjection_in_kubeproxies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: kubeproxies.addons.x-k8s.io 9 | -------------------------------------------------------------------------------- /nodelocaldns/config/crd/patches/cainjection_in_nodelocaldns.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: nodelocaldns.addons.x-k8s.io 9 | -------------------------------------------------------------------------------- /tools/kubectl-ownerref/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/tools/kubectl-ownerref 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/imdario/mergo v0.3.9 // indirect 7 | github.com/spf13/cobra v1.2.1 8 | k8s.io/apimachinery v0.22.1 9 | k8s.io/cli-runtime v0.22.1 10 | k8s.io/client-go v0.22.1 11 | k8s.io/klog/v2 v2.9.0 12 | k8s.io/kubectl v0.22.1 13 | k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 14 | ) 15 | -------------------------------------------------------------------------------- /coredns/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/coredns 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/coredns/corefile-migration v1.0.14 7 | github.com/pkg/errors v0.9.1 8 | k8s.io/api v0.21.2 9 | k8s.io/apimachinery v0.21.2 10 | k8s.io/client-go v0.21.2 11 | k8s.io/klog/v2 v2.8.0 12 | sigs.k8s.io/controller-runtime v0.9.2 13 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20210630174303-f77bb4933dfb 14 | ) 15 | -------------------------------------------------------------------------------- /dashboard/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /dashboard/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 3 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | -------------------------------------------------------------------------------- /flannel/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /generic/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /metrics-server/config/crd/patches/cainjection_in_metricsservers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: metricsservers.addons.x-k8s.io 9 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build go1.10 6 | 7 | package bidirule 8 | 9 | func (t *Transformer) isFinal() bool { 10 | return t.state == ruleLTRFinal || t.state == ruleRTLFinal || t.state == ruleInitial 11 | } 12 | -------------------------------------------------------------------------------- /metrics-server/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 3 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | -------------------------------------------------------------------------------- /nodelocaldns/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | control-plane: controller-manager 16 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - dims 3 | - lavalamp 4 | - smarterclayton 5 | - deads2k 6 | - sttts 7 | - liggitt 8 | - caesarxuchao 9 | reviewers: 10 | - dims 11 | - thockin 12 | - lavalamp 13 | - smarterclayton 14 | - wojtek-t 15 | - deads2k 16 | - derekwaynecarr 17 | - caesarxuchao 18 | - mikedanese 19 | - liggitt 20 | - gmarek 21 | - sttts 22 | - ncdc 23 | - tallclair 24 | labels: 25 | - sig/api-machinery 26 | -------------------------------------------------------------------------------- /kubeproxy/config/manager/patches/apiserver_endpoint.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | env: 12 | - name: KUBERNETES_SERVICE_HOST 13 | value: "172.17.0.3" 14 | - name: KUBERNETES_SERVICE_PORT 15 | value: "6443" 16 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.7.0/Corefile: -------------------------------------------------------------------------------- 1 | .:53 { 2 | errors 3 | health { 4 | lameduck 5s 5 | } 6 | ready 7 | kubernetes {{ .DNSDomain }} in-addr.arpa ip6.arpa { 8 | fallthrough in-addr.arpa ip6.arpa 9 | ttl 30 10 | } 11 | prometheus :9153 12 | forward . /etc/resolv.conf { 13 | max_concurrent 1000 14 | } 15 | cache 30 16 | loop 17 | reload 18 | loadbalance 19 | } -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.0/Corefile: -------------------------------------------------------------------------------- 1 | .:53 { 2 | errors 3 | health { 4 | lameduck 5s 5 | } 6 | ready 7 | kubernetes {{ .DNSDomain }} in-addr.arpa ip6.arpa { 8 | fallthrough in-addr.arpa ip6.arpa 9 | ttl 30 10 | } 11 | prometheus :9153 12 | forward . /etc/resolv.conf { 13 | max_concurrent 1000 14 | } 15 | cache 30 16 | loop 17 | reload 18 | loadbalance 19 | } -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.4/Corefile: -------------------------------------------------------------------------------- 1 | .:53 { 2 | errors 3 | health { 4 | lameduck 5s 5 | } 6 | ready 7 | kubernetes {{ .DNSDomain }} in-addr.arpa ip6.arpa { 8 | fallthrough in-addr.arpa ip6.arpa 9 | ttl 30 10 | } 11 | prometheus :9153 12 | forward . /etc/resolv.conf { 13 | max_concurrent 1000 14 | } 15 | cache 30 16 | loop 17 | reload 18 | loadbalance 19 | } -------------------------------------------------------------------------------- /flannel/config/rbac/flannel_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do viewer flannels. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: flannel-viewer-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - flannels 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - addons.x-k8s.io 17 | resources: 18 | - flannels/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /coredns/config/rbac/coredns_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view coredns. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: coredns-viewer-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - coredns 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - addons.x-k8s.io 17 | resources: 18 | - coredns/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /tools/kaml/pkg/xform/labels/testdata/remove-label/simple/expected.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | fooz: baz 6 | name: example 7 | namespace: default 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | fooz: baz 13 | template: 14 | metadata: 15 | labels: 16 | fooz: baz 17 | spec: 18 | containers: 19 | - image: example 20 | name: main 21 | -------------------------------------------------------------------------------- /dashboard/config/rbac/dashboard_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do viewer dashboards. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: dashboard-viewer-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - dashboards 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - addons.x-k8s.io 17 | resources: 18 | - dashboards/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /dev/staging/README.md: -------------------------------------------------------------------------------- 1 | This cloudbuild job is invoked by prow after every commit to master, 2 | and will push images to the staging image repository. 3 | 4 | It can also be run against your own GCP project, which is helpful when 5 | testing or adding to the cloudbuild job. An example command is: 6 | 7 | ``` 8 | gcloud builds submit --config=dev/staging/cloudbuild.yaml . --substitutions=_DOCKER_IMAGE_PREFIX=$(gcloud config get-value project)/ 9 | ``` 10 | 11 | -------------------------------------------------------------------------------- /generic/config/rbac/generic_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do viewer generics. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: generic-viewer-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | # <-------- 11 | - generics 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - apiGroups: 17 | - addons.x-k8s.io 18 | resources: 19 | - generics/status 20 | verbs: 21 | - get 22 | -------------------------------------------------------------------------------- /tools/generic-addon/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/tools/generic-addon 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/gobuffalo/flect v0.2.1 7 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect 8 | k8s.io/apimachinery v0.18.4 9 | sigs.k8s.io/cluster-addons/tools/rbac-gen v0.0.0-20200816135617-55b10924878e 10 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200816135617-dbfe418e405f 11 | sigs.k8s.io/yaml v1.2.0 12 | ) 13 | -------------------------------------------------------------------------------- /kubeproxy/config/manager/patches/tolerations_controlplane.patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | tolerations: 10 | - key: "node.kubernetes.io/not-ready" 11 | operator: "Exists" 12 | effect: "NoSchedule" 13 | - key: "node-role.kubernetes.io/master" 14 | operator: "Exists" 15 | effect: "NoSchedule" 16 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/yaml_go110.go: -------------------------------------------------------------------------------- 1 | // This file contains changes that are only compatible with go 1.10 and onwards. 2 | 3 | // +build go1.10 4 | 5 | package yaml 6 | 7 | import "encoding/json" 8 | 9 | // DisallowUnknownFields configures the JSON decoder to error out if unknown 10 | // fields come along, instead of dropping them by default. 11 | func DisallowUnknownFields(d *json.Decoder) *json.Decoder { 12 | d.DisallowUnknownFields() 13 | return d 14 | } 15 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/localnodedns_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do viewer nodelocaldns. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nodelocaldns-viewer-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - nodelocaldns 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - addons.x-k8s.io 17 | resources: 18 | - nodelocaldns/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /dashboard/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /flannel/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /flannel/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - manager_role.yaml 5 | - manager_role_binding.yaml 6 | - leader_election_role.yaml 7 | - leader_election_role_binding.yaml 8 | # Comment the following 3 lines if you want to disable 9 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 10 | # which protects your /metrics endpoint. 11 | - auth_proxy_service.yaml 12 | - auth_proxy_role.yaml 13 | - auth_proxy_role_binding.yaml 14 | -------------------------------------------------------------------------------- /generic/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | set -x 4 | 5 | if [ ! -d /tmp/build-golang/src/github.com/json-iterator ]; then 6 | mkdir -p /tmp/build-golang/src/github.com/json-iterator 7 | ln -s $PWD /tmp/build-golang/src/github.com/json-iterator/go 8 | fi 9 | export GOPATH=/tmp/build-golang 10 | go get -u github.com/golang/dep/cmd/dep 11 | cd /tmp/build-golang/src/github.com/json-iterator/go 12 | exec $GOPATH/bin/dep ensure -update 13 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go: -------------------------------------------------------------------------------- 1 | // Copyright 2016 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build !go1.10 6 | 7 | package bidirule 8 | 9 | func (t *Transformer) isFinal() bool { 10 | if !t.isRTL() { 11 | return true 12 | } 13 | return t.state == ruleLTRFinal || t.state == ruleRTLFinal || t.state == ruleInitial 14 | } 15 | -------------------------------------------------------------------------------- /kubeproxy/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | - manager_role.yaml 7 | - manager_rolebinding.yaml 8 | # Comment the following 3 lines if you want to disable 9 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 10 | # which protects your /metrics endpoint. 11 | - auth_proxy_service.yaml 12 | - auth_proxy_role.yaml 13 | - auth_proxy_role_binding.yaml 14 | -------------------------------------------------------------------------------- /installer/README.md: -------------------------------------------------------------------------------- 1 | # addon-installer 2 | Installs addons from kustomize packages listed in a 3 | configuration file of type `addons.config.x-k8s.io/AddonInstallerConfiguration`. 4 | 5 | ### usage 6 | ```shell 7 | bin/installer --config demo/dupes.yaml 8 | bin/installer --config demo/v1alpha1.yaml 9 | ``` 10 | 11 | ### development 12 | ```shell 13 | # fetch deps + regenerate all API's 14 | make 15 | 16 | # build just the binary from existing files 17 | make only-build 18 | ``` 19 | -------------------------------------------------------------------------------- /metrics-server/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/metricsserver_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do viewer metricsservers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: metricsserver-viewer-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - metricsservers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - addons.x-k8s.io 17 | resources: 18 | - metricsservers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /nodelocaldns/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # Test binary, build with `go test -c` 11 | *.test 12 | 13 | # Output of the go coverage tool, specifically when used with LiteIDE 14 | *.out 15 | 16 | # Kubernetes Generated files - skip generated files, except for vendored files 17 | 18 | !vendor/**/zz_generated.* 19 | 20 | # editor and IDE paraphernalia 21 | .idea 22 | *.swp 23 | *.swo 24 | *~ 25 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - manager_role.yaml 5 | - manager_role_binding.yaml 6 | - leader_election_role.yaml 7 | - leader_election_role_binding.yaml 8 | # Comment the following 3 lines if you want to disable 9 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 10 | # which protects your /metrics endpoint. 11 | - auth_proxy_service.yaml 12 | - auth_proxy_role.yaml 13 | - auth_proxy_role_binding.yaml 14 | -------------------------------------------------------------------------------- /tools/rbac-gen/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/tools/rbac-gen 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/spf13/cobra v1.2.1 7 | golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d // indirect 8 | golang.org/x/sys v0.0.0-20211015200801-69063c4bb744 // indirect 9 | k8s.io/api v0.22.1 10 | k8s.io/apimachinery v0.22.1 11 | k8s.io/klog/v2 v2.10.0 12 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20211016153148-3503b7681414 13 | sigs.k8s.io/yaml v1.2.0 14 | ) 15 | -------------------------------------------------------------------------------- /coredns/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | testbin/* 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Kubernetes Generated files - skip generated files, except for vendored files 18 | 19 | !vendor/**/zz_generated.* 20 | 21 | # editor and IDE paraphernalia 22 | .idea 23 | *.swp 24 | *.swo 25 | *~ 26 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "8443" 6 | prometheus.io/scheme: https 7 | prometheus.io/scrape: "true" 8 | labels: 9 | control-plane: controller-manager 10 | name: controller-manager-metrics-service 11 | namespace: system 12 | spec: 13 | ports: 14 | - name: https 15 | port: 8443 16 | targetPort: https 17 | selector: 18 | control-plane: controller-manager 19 | -------------------------------------------------------------------------------- /coredns/config/crd/patches/webhook_in_coredns.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: coredns.addons.x-k8s.io 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /dashboard/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /flannel/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /generic/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/simple.out.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: generated-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | -------------------------------------------------------------------------------- /metrics-server/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /nodelocaldns/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /coredns/config/rbac/coredns_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit coredns. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: coredns-editor-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - coredns 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - addons.x-k8s.io 21 | resources: 22 | - coredns/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /kubeproxy/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: certmanager.k8s.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: certmanager.k8s.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: certmanager.k8s.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: certmanager.k8s.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /tools/kaml/pkg/xform/labels/testdata/remove-label/simple/input.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | foo: bar 6 | fooz: baz 7 | name: example 8 | namespace: default 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | foo: bar 14 | fooz: baz 15 | template: 16 | metadata: 17 | labels: 18 | foo: bar 19 | fooz: baz 20 | spec: 21 | containers: 22 | - image: example 23 | name: main 24 | -------------------------------------------------------------------------------- /flannel/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | creationTimestamp: null 7 | name: manager-role 8 | rules: 9 | - apiGroups: 10 | - addons.x-k8s.io 11 | resources: 12 | - flannels 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - list 18 | - patch 19 | - update 20 | - watch 21 | - apiGroups: 22 | - addons.x-k8s.io 23 | resources: 24 | - flannels/status 25 | verbs: 26 | - get 27 | - patch 28 | - update 29 | -------------------------------------------------------------------------------- /generic/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | creationTimestamp: null 7 | name: manager-role 8 | rules: 9 | - apiGroups: 10 | - addons.x-k8s.io 11 | resources: 12 | - generics 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - list 18 | - patch 19 | - update 20 | - watch 21 | - apiGroups: 22 | - addons.x-k8s.io 23 | resources: 24 | - generics/status 25 | verbs: 26 | - get 27 | - patch 28 | - update 29 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/clusterrole.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | namespace: default 5 | name: pod-reader 6 | rules: 7 | - apiGroups: [""] 8 | resources: ["pods"] 9 | verbs: ["get", "watch", "list"] 10 | 11 | --- 12 | 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: ClusterRole 15 | metadata: 16 | name: secret-reader 17 | rules: 18 | - apiGroups: [""] 19 | resources: ["secrets"] 20 | verbs: ["get", "watch", "list"] 21 | 22 | 23 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | creationTimestamp: null 7 | name: manager-role 8 | rules: 9 | - apiGroups: 10 | - addons.x-k8s.io 11 | resources: 12 | - kubeproxies 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - list 18 | - patch 19 | - update 20 | - watch 21 | - apiGroups: 22 | - addons.x-k8s.io 23 | resources: 24 | - kubeproxies/status 25 | verbs: 26 | - get 27 | - patch 28 | - update 29 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | creationTimestamp: null 7 | name: manager-role 8 | rules: 9 | - apiGroups: 10 | - addons.x-k8s.io 11 | resources: 12 | - nodelocaldns 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - list 18 | - patch 19 | - update 20 | - watch 21 | - apiGroups: 22 | - addons.x-k8s.io 23 | resources: 24 | - nodelocaldns/status 25 | verbs: 26 | - get 27 | - patch 28 | - update 29 | -------------------------------------------------------------------------------- /flannel/config/rbac/flannel_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do edit flannels. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: flannel-editor-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - flannels 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - addons.x-k8s.io 21 | resources: 22 | - flannels/status 23 | verbs: 24 | - get 25 | - patch 26 | - update 27 | -------------------------------------------------------------------------------- /dashboard/config/rbac/dashboard_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do edit dashboards. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: dashboard-editor-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - dashboards 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - addons.x-k8s.io 21 | resources: 22 | - dashboards/status 23 | verbs: 24 | - get 25 | - patch 26 | - update 27 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/Gopkg.lock: -------------------------------------------------------------------------------- 1 | # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. 2 | 3 | 4 | [[projects]] 5 | name = "github.com/modern-go/concurrent" 6 | packages = ["."] 7 | revision = "e0a39a4cb4216ea8db28e22a69f4ec25610d513a" 8 | version = "1.0.0" 9 | 10 | [solve-meta] 11 | analyzer-name = "dep" 12 | analyzer-version = 1 13 | inputs-digest = "daee8a88b3498b61c5640056665b8b9eea062006f5e596bbb6a3ed9119a11ec7" 14 | solver-name = "gps-cdcl" 15 | solver-version = 1 16 | -------------------------------------------------------------------------------- /generic/config/rbac/generic_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do edit generics. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: generic-editor-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | # <-------- 11 | - generics 12 | verbs: 13 | - create 14 | - delete 15 | - get 16 | - list 17 | - patch 18 | - update 19 | - watch 20 | - apiGroups: 21 | - addons.x-k8s.io 22 | resources: 23 | - generics/status 24 | verbs: 25 | - get 26 | - patch 27 | - update 28 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/localnodedns_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do edit nodelocaldns. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nodelocaldns-editor-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - nodelocaldns 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - addons.x-k8s.io 21 | resources: 22 | - nodelocaldns/status 23 | verbs: 24 | - get 25 | - patch 26 | - update 27 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/klog/RELEASE.md: -------------------------------------------------------------------------------- 1 | # Release Process 2 | 3 | The `klog` is released on an as-needed basis. The process is as follows: 4 | 5 | 1. An issue is proposing a new release with a changelog since the last release 6 | 1. All [OWNERS](OWNERS) must LGTM this release 7 | 1. An OWNER runs `git tag -s $VERSION` and inserts the changelog and pushes the tag with `git push $VERSION` 8 | 1. The release issue is closed 9 | 1. An announcement email is sent to `kubernetes-dev@googlegroups.com` with the subject `[ANNOUNCE] kubernetes-template-project $VERSION is released` 10 | -------------------------------------------------------------------------------- /metrics-server/config/rbac/metricsserver_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do edit metricsservers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: metricsserver-editor-role 6 | rules: 7 | - apiGroups: 8 | - addons.x-k8s.io 9 | resources: 10 | - metricsservers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - addons.x-k8s.io 21 | resources: 22 | - metricsservers/status 23 | verbs: 24 | - get 25 | - patch 26 | - update 27 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/manager_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: main-manager-role 5 | rules: 6 | - apiGroups: [""] 7 | resources: ["services", "serviceaccounts", "configmaps"] 8 | verbs: ["create", "get", "list", "watch", "delete", "patch"] 9 | - apiGroups: ["apps"] 10 | resources: ["daemonsets"] 11 | verbs: ["create", "get", "list", "watch", "delete", "patch"] 12 | - apiGroups: ["app.k8s.io"] 13 | resources: ["applications"] 14 | verbs: ["create", "get", "list", "watch", "delete", "patch"] 15 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/yaml.go: -------------------------------------------------------------------------------- 1 | package convert 2 | 3 | import ( 4 | "bytes" 5 | 6 | "k8s.io/apimachinery/pkg/runtime" 7 | "sigs.k8s.io/yaml" 8 | ) 9 | 10 | // ToYAML convert objects to a YAML multidoc string 11 | func ToYAML(objects []runtime.Object) ([]byte, error) { 12 | var buf bytes.Buffer 13 | 14 | for i, obj := range objects { 15 | if i != 0 { 16 | buf.WriteString("\n---\n\n") 17 | } 18 | 19 | b, err := yaml.Marshal(obj) 20 | if err != nil { 21 | return nil, err 22 | } 23 | buf.Write(b) 24 | } 25 | 26 | return buf.Bytes(), nil 27 | } 28 | -------------------------------------------------------------------------------- /dashboard/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /flannel/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /generic/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /kubeproxy/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /kubeproxy/config/default/manager_prometheus_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch enables Prometheus scraping for the manager pod. 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | metadata: 10 | annotations: 11 | prometheus.io/scrape: 'true' 12 | spec: 13 | containers: 14 | # Expose the prometheus metrics on default port 15 | - name: manager 16 | ports: 17 | - containerPort: 8080 18 | name: metrics 19 | protocol: TCP 20 | -------------------------------------------------------------------------------- /nodelocaldns/controllers/utils.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "context" 5 | 6 | corev1 "k8s.io/api/core/v1" 7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 8 | "sigs.k8s.io/controller-runtime/pkg/client" 9 | ) 10 | 11 | func findKubeProxyMode(ctx context.Context, c client.Client) (string, error) { 12 | kubeProxyConfigMap := &corev1.ConfigMap{} 13 | id := client.ObjectKey{Namespace: metav1.NamespaceSystem, Name: "kube-proxy"} 14 | 15 | err := c.Get(ctx, id, kubeProxyConfigMap) 16 | mode := kubeProxyConfigMap.Data["mode"] 17 | 18 | return mode, err 19 | } 20 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/RELEASE.md: -------------------------------------------------------------------------------- 1 | # Release Process 2 | 3 | The `yaml` Project is released on an as-needed basis. The process is as follows: 4 | 5 | 1. An issue is proposing a new release with a changelog since the last release 6 | 1. All [OWNERS](OWNERS) must LGTM this release 7 | 1. An OWNER runs `git tag -s $VERSION` and inserts the changelog and pushes the tag with `git push $VERSION` 8 | 1. The release issue is closed 9 | 1. An announcement email is sent to `kubernetes-dev@googlegroups.com` with the subject `[ANNOUNCE] kubernetes-template-project $VERSION is released` 10 | -------------------------------------------------------------------------------- /metrics-server/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /nodelocaldns/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Committee to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | justinsb 14 | -------------------------------------------------------------------------------- /flannel/controllers/flannel_controller_test.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "testing" 5 | 6 | api "sigs.k8s.io/cluster-addons/flannel/api/v1alpha1" 7 | 8 | "sigs.k8s.io/kubebuilder-declarative-pattern/pkg/test/golden" 9 | ) 10 | 11 | func TestFlannel(t *testing.T) { 12 | v := golden.NewValidator(t, api.SchemeBuilder) 13 | 14 | dr := &FlannelReconciler{ 15 | Client: v.Manager().GetClient(), 16 | } 17 | 18 | err := dr.setupReconciler(v.Manager()) 19 | if err != nil { 20 | t.Fatalf("creating reconciler: %v", err) 21 | } 22 | 23 | v.Validate(dr.Reconciler) 24 | } 25 | -------------------------------------------------------------------------------- /installer/demo/v1alpha1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.config.x-k8s.io/v1alpha1 2 | kind: AddonInstallerConfiguration 3 | addons: 4 | - name: helloWorld 5 | kustomizeRef: ../../kustomize/examples/helloWorld 6 | - name: multibases 7 | kustomizeRef: github.com/kubernetes-sigs/kustomize//examples/multibases/dev/?ref=v1.0.6 8 | # - name: docker-example 9 | # kustomizeRef: docker://stealthybox/kustomize-pod:latest 10 | # - name: docker-daemon-example 11 | # kustomizeRef: docker-daemon:stealthybox/kustomize-pod:latest 12 | # - name: oci-example 13 | # kustomizeRef: oci:./stealthybox/kustomize-pod:latest 14 | -------------------------------------------------------------------------------- /coredns/config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | args: 12 | - "--config=controller_manager_config.yaml" 13 | volumeMounts: 14 | - name: manager-config 15 | mountPath: /controller_manager_config.yaml 16 | subPath: controller_manager_config.yaml 17 | volumes: 18 | - name: manager-config 19 | configMap: 20 | name: manager-config 21 | -------------------------------------------------------------------------------- /dashboard/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /dev/staging/cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # See https://cloud.google.com/cloud-build/docs/build-config 2 | options: 3 | substitution_option: ALLOW_LOOSE 4 | machineType: 'N1_HIGHCPU_8' 5 | steps: 6 | - name: gcr.io/k8s-testimages/krte:latest-master 7 | env: 8 | - PULL_BASE_REF=$_PULL_BASE_REF 9 | - VERSION=$_GIT_TAG 10 | - DOCKER_REGISTRY=$_DOCKER_REGISTRY 11 | - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX 12 | entrypoint: dev/staging/push.sh 13 | substitutions: 14 | _GIT_TAG: 'dev' 15 | _PULL_BASE_REF: 'dev' 16 | _DOCKER_REGISTRY: 'gcr.io' 17 | _DOCKER_IMAGE_PREFIX: 'k8s-staging-cluster-addons/' 18 | -------------------------------------------------------------------------------- /flannel/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /flannel/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ -------------------------------------------------------------------------------- /generic/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /generic/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ -------------------------------------------------------------------------------- /kubeproxy/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /coredns/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | scheme: https 15 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 16 | tlsConfig: 17 | insecureSkipVerify: true 18 | selector: 19 | matchLabels: 20 | control-plane: controller-manager 21 | -------------------------------------------------------------------------------- /dashboard/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ -------------------------------------------------------------------------------- /installer/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ -------------------------------------------------------------------------------- /kubeproxy/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ -------------------------------------------------------------------------------- /metrics-server/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /nodelocaldns/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /nodelocaldns/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.7.0/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | kubernetes.io/bootstrapping: rbac-defaults 6 | kubernetes.io/cluster-service: "true" 7 | kubernetes.io/name: "CoreDNS" 8 | addonmanager.kubernetes.io/mode: EnsureExists 9 | name: system:coredns 10 | rules: 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - endpoints 15 | - services 16 | - pods 17 | - namespaces 18 | verbs: 19 | - list 20 | - watch 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - nodes 25 | verbs: 26 | - get -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | reviewers: 4 | - thockin 5 | - smarterclayton 6 | - wojtek-t 7 | - deads2k 8 | - brendandburns 9 | - caesarxuchao 10 | - liggitt 11 | - nikhiljindal 12 | - gmarek 13 | - erictune 14 | - davidopp 15 | - sttts 16 | - quinton-hoole 17 | - luxas 18 | - janetkuo 19 | - justinsb 20 | - ncdc 21 | - soltysh 22 | - dims 23 | - madhusudancs 24 | - hongchaodeng 25 | - krousey 26 | - mml 27 | - mbohlool 28 | - david-mcmahon 29 | - therc 30 | - mqliang 31 | - kevin-wangzefeng 32 | - jianhuiz 33 | - feihujiang 34 | -------------------------------------------------------------------------------- /coredns/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /test/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/http2/not_go111.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build !go1.11 6 | 7 | package http2 8 | 9 | import ( 10 | "net/http/httptrace" 11 | "net/textproto" 12 | ) 13 | 14 | func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { return false } 15 | 16 | func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {} 17 | 18 | func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 19 | return nil 20 | } 21 | -------------------------------------------------------------------------------- /installer/vendor/gopkg.in/yaml.v2/NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2011-2016 Canonical Ltd. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.7.0/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | annotations: 5 | rbac.authorization.kubernetes.io/autoupdate: "true" 6 | labels: 7 | kubernetes.io/bootstrapping: rbac-defaults 8 | kubernetes.io/cluster-service: "true" 9 | kubernetes.io/name: "CoreDNS" 10 | addonmanager.kubernetes.io/mode: EnsureExists 11 | name: system:coredns 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: system:coredns 16 | subjects: 17 | - kind: ServiceAccount 18 | name: coredns 19 | namespace: kube-system -------------------------------------------------------------------------------- /coredns/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /flannel/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /flannel/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/flannel 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/emicklei/go-restful v2.9.6+incompatible // indirect 7 | github.com/go-logr/logr v0.1.0 8 | github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 // indirect 9 | github.com/google/go-cmp v0.3.1 // indirect 10 | github.com/hashicorp/golang-lru v0.5.3 // indirect 11 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect 12 | k8s.io/apimachinery v0.18.2 13 | k8s.io/client-go v0.18.2 14 | sigs.k8s.io/controller-runtime v0.6.0 15 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200605153943-bafc349a4a84 16 | ) 17 | -------------------------------------------------------------------------------- /generic/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.0/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | annotations: 5 | rbac.authorization.kubernetes.io/autoupdate: "true" 6 | labels: 7 | kubernetes.io/bootstrapping: rbac-defaults 8 | kubernetes.io/cluster-service: "true" 9 | kubernetes.io/name: "CoreDNS" 10 | addonmanager.kubernetes.io/mode: EnsureExists 11 | name: system:coredns 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: system:coredns 16 | subjects: 17 | - kind: ServiceAccount 18 | name: coredns 19 | namespace: kube-system 20 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.4/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | annotations: 5 | rbac.authorization.kubernetes.io/autoupdate: "true" 6 | labels: 7 | kubernetes.io/bootstrapping: rbac-defaults 8 | kubernetes.io/cluster-service: "true" 9 | kubernetes.io/name: "CoreDNS" 10 | addonmanager.kubernetes.io/mode: EnsureExists 11 | name: system:coredns 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: system:coredns 16 | subjects: 17 | - kind: ServiceAccount 18 | name: coredns 19 | namespace: kube-system 20 | -------------------------------------------------------------------------------- /dashboard/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /kubeproxy/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /metrics-server/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /nodelocaldns/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /coredns/PROJECT: -------------------------------------------------------------------------------- 1 | domain: x-k8s.io 2 | layout: 3 | - go.kubebuilder.io/v3 4 | - declarative.go.kubebuilder.io/v1 5 | - klogr.go.kubebuilder.io/v2 6 | plugins: 7 | declarative.go.kubebuilder.io/v1: 8 | resources: 9 | - domain: x-k8s.io 10 | group: addons 11 | kind: CoreDNS 12 | version: v1alpha1 13 | projectName: coredns 14 | repo: sigs.k8s.io/cluster-addons/coredns 15 | resources: 16 | - api: 17 | crdVersion: v1 18 | namespaced: true 19 | controller: true 20 | domain: x-k8s.io 21 | group: addons 22 | kind: CoreDNS 23 | path: sigs.k8s.io/cluster-addons/coredns/api/v1alpha1 24 | version: v1alpha1 25 | version: "3" 26 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.0/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | kubernetes.io/bootstrapping: rbac-defaults 6 | kubernetes.io/cluster-service: "true" 7 | kubernetes.io/name: "CoreDNS" 8 | addonmanager.kubernetes.io/mode: EnsureExists 9 | name: system:coredns 10 | rules: 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - endpoints 15 | - services 16 | - pods 17 | - namespaces 18 | verbs: 19 | - list 20 | - watch 21 | - apiGroups: 22 | - discovery.k8s.io 23 | resources: 24 | - endpointslices 25 | verbs: 26 | - list 27 | - watch 28 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.4/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | kubernetes.io/bootstrapping: rbac-defaults 6 | kubernetes.io/cluster-service: "true" 7 | kubernetes.io/name: "CoreDNS" 8 | addonmanager.kubernetes.io/mode: EnsureExists 9 | name: system:coredns 10 | rules: 11 | - apiGroups: 12 | - "" 13 | resources: 14 | - endpoints 15 | - services 16 | - pods 17 | - namespaces 18 | verbs: 19 | - list 20 | - watch 21 | - apiGroups: 22 | - discovery.k8s.io 23 | resources: 24 | - endpointslices 25 | verbs: 26 | - list 27 | - watch 28 | -------------------------------------------------------------------------------- /metrics-server/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /generic/go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-addons/generic 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/go-logr/logr v0.1.0 7 | github.com/go-openapi/spec v0.19.5 // indirect 8 | github.com/pkg/errors v0.9.1 // indirect 9 | github.com/spf13/cobra v1.0.0 // indirect 10 | gopkg.in/yaml.v2 v2.3.0 // indirect 11 | k8s.io/apimachinery v0.18.4 12 | k8s.io/client-go v0.18.4 13 | sigs.k8s.io/controller-runtime v0.6.0 14 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200721120314-d8f3ce551a4a 15 | ) 16 | 17 | replace sigs.k8s.io/kubebuilder-declarative-pattern => github.com/SomtochiAma/kubebuilder-declarative-pattern v0.0.0-20200723151822-4aa1e9692ce6 18 | -------------------------------------------------------------------------------- /installer/vendor/github.com/gogo/protobuf/AUTHORS: -------------------------------------------------------------------------------- 1 | # This is the official list of GoGo authors for copyright purposes. 2 | # This file is distinct from the CONTRIBUTORS file, which 3 | # lists people. For example, employees are listed in CONTRIBUTORS, 4 | # but not in AUTHORS, because the employer holds the copyright. 5 | 6 | # Names should be added to this file as one of 7 | # Organization's name 8 | # Individual's name 9 | # Individual's name 10 | 11 | # Please keep the list sorted. 12 | 13 | Sendgrid, Inc 14 | Vastech SA (PTY) LTD 15 | Walter Schulze 16 | -------------------------------------------------------------------------------- /flannel/controllers/tests/patches-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Flannel 3 | metadata: 4 | name: flannel-sample 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | patches: 9 | - apiVersion: v1 10 | kind: ConfigMap 11 | metadata: 12 | name: kube-flannel-cfg 13 | namespace: kube-system 14 | data: 15 | net-conf.json: | 16 | { 17 | "Network": "10.0.0.0/8", 18 | "SubnetLen": 20, 19 | "SubnetMin": "10.10.0.0", 20 | "SubnetMax": "10.99.0.0", 21 | "Backend": { 22 | "Type": "udp", 23 | "Port": 7890 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /coredns/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /flannel/config/samples/addons_v1alpha1_flannel.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: Flannel 3 | metadata: 4 | name: flannel-sample 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | patches: 9 | - apiVersion: v1 10 | kind: ConfigMap 11 | metadata: 12 | name: kube-flannel-cfg 13 | namespace: kube-system 14 | data: 15 | net-conf.json: | 16 | { 17 | "Network": "10.0.0.0/8", 18 | "SubnetLen": 20, 19 | "SubnetMin": "10.10.0.0", 20 | "SubnetMax": "10.99.0.0", 21 | "Backend": { 22 | "Type": "udp", 23 | "Port": 7890 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/klog/SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Committee to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | dims 14 | thockin 15 | justinsb 16 | tallclair 17 | piosz 18 | brancz 19 | DirectXMan12 20 | lavalamp 21 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.7.0/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-dns 5 | namespace: kube-system 6 | annotations: 7 | prometheus.io/port: "9153" 8 | prometheus.io/scrape: "true" 9 | labels: 10 | k8s-app: kube-dns 11 | kubernetes.io/cluster-service: "true" 12 | kubernetes.io/name: "CoreDNS" 13 | addonmanager.kubernetes.io/mode: EnsureExists 14 | spec: 15 | selector: 16 | k8s-app: kube-dns 17 | clusterIP: {{ .DNSIP }} 18 | ports: 19 | - name: dns 20 | port: 53 21 | protocol: UDP 22 | - name: dns-tcp 23 | port: 53 24 | protocol: TCP 25 | - name: metrics 26 | port: 9153 27 | protocol: TCP -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.0/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-dns 5 | namespace: kube-system 6 | annotations: 7 | prometheus.io/port: "9153" 8 | prometheus.io/scrape: "true" 9 | labels: 10 | k8s-app: kube-dns 11 | kubernetes.io/cluster-service: "true" 12 | kubernetes.io/name: "CoreDNS" 13 | addonmanager.kubernetes.io/mode: EnsureExists 14 | spec: 15 | selector: 16 | k8s-app: kube-dns 17 | clusterIP: {{ .DNSIP }} 18 | ports: 19 | - name: dns 20 | port: 53 21 | protocol: UDP 22 | - name: dns-tcp 23 | port: 53 24 | protocol: TCP 25 | - name: metrics 26 | port: 9153 27 | protocol: TCP 28 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.4/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kube-dns 5 | namespace: kube-system 6 | annotations: 7 | prometheus.io/port: "9153" 8 | prometheus.io/scrape: "true" 9 | labels: 10 | k8s-app: kube-dns 11 | kubernetes.io/cluster-service: "true" 12 | kubernetes.io/name: "CoreDNS" 13 | addonmanager.kubernetes.io/mode: EnsureExists 14 | spec: 15 | selector: 16 | k8s-app: kube-dns 17 | clusterIP: {{ .DNSIP }} 18 | ports: 19 | - name: dns 20 | port: 53 21 | protocol: UDP 22 | - name: dns-tcp 23 | port: 53 24 | protocol: TCP 25 | - name: metrics 26 | port: 9153 27 | protocol: TCP 28 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/executor.go: -------------------------------------------------------------------------------- 1 | package concurrent 2 | 3 | import "context" 4 | 5 | // Executor replace go keyword to start a new goroutine 6 | // the goroutine should cancel itself if the context passed in has been cancelled 7 | // the goroutine started by the executor, is owned by the executor 8 | // we can cancel all executors owned by the executor just by stop the executor itself 9 | // however Executor interface does not Stop method, the one starting and owning executor 10 | // should use the concrete type of executor, instead of this interface. 11 | type Executor interface { 12 | // Go starts a new goroutine controlled by the context 13 | Go(handler func(ctx context.Context)) 14 | } 15 | -------------------------------------------------------------------------------- /flannel/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /generic/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/Gopkg.lock: -------------------------------------------------------------------------------- 1 | # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. 2 | 3 | 4 | [[projects]] 5 | name = "github.com/modern-go/concurrent" 6 | packages = ["."] 7 | revision = "e0a39a4cb4216ea8db28e22a69f4ec25610d513a" 8 | version = "1.0.0" 9 | 10 | [[projects]] 11 | name = "github.com/modern-go/reflect2" 12 | packages = ["."] 13 | revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd" 14 | version = "1.0.1" 15 | 16 | [solve-meta] 17 | analyzer-name = "dep" 18 | analyzer-version = 1 19 | inputs-digest = "ea54a775e5a354cb015502d2e7aa4b74230fc77e894f34a838b268c25ec8eeb8" 20 | solver-name = "gps-cdcl" 21 | solver-version = 1 22 | -------------------------------------------------------------------------------- /metrics-server/controllers/tests/patches.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: MetricsServer 3 | metadata: 4 | name: metricsserver 5 | spec: 6 | patches: 7 | - apiVersion: apps/v1 8 | kind: Deployment 9 | metadata: 10 | name: metrics-server 11 | namespace: kube-system 12 | spec: 13 | template: 14 | spec: 15 | containers: 16 | - name: metrics-server 17 | args: 18 | - "--kubelet-insecure-tls" 19 | - "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname" 20 | # Patching args is reasonable for developing. 21 | # see https://github.com/kubernetes-sigs/metrics-server#deployment 22 | 23 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/clusterrole.out.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: generated-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - pods 11 | - secrets 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - apiGroups: 17 | - rbac.authorization.k8s.io 18 | resources: 19 | - clusterroles 20 | - roles 21 | verbs: 22 | - create 23 | - delete 24 | - get 25 | - list 26 | - patch 27 | - update 28 | - watch 29 | - apiGroups: 30 | - rbac.authorization.k8s.io 31 | resources: 32 | - clusterroles/status 33 | - roles/status 34 | verbs: 35 | - get 36 | - list 37 | - watch 38 | -------------------------------------------------------------------------------- /dashboard/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /flannel/config/crd/patches/webhook_in_flannels.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: flannels.addons.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /generic/config/crd/patches/webhook_in_generics.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: generics.addons.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /installer/vendor/sigs.k8s.io/yaml/SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Team to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://github.com/kubernetes/sig-release/blob/master/security-release-process-documentation/security-release-process.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | cjcullen 14 | jessfraz 15 | liggitt 16 | philips 17 | tallclair 18 | -------------------------------------------------------------------------------- /nodelocaldns/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /installer/pkg/apis/config/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | // +k8s:deepcopy-gen=package 17 | package config // import "sigs.k8s.io/cluster-addons/installer/pkg/apis/config" 18 | -------------------------------------------------------------------------------- /kubeproxy/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /metrics-server/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/duplicates.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: test-cm 5 | data: 6 | ENV: test 7 | 8 | --- 9 | 10 | apiVersion: v1 11 | kind: ConfigMap 12 | metadata: 13 | name: test-cm 14 | data: 15 | COLOR: blue 16 | 17 | --- 18 | 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | name: nginx-deployment 23 | labels: 24 | app: nginx 25 | spec: 26 | replicas: 3 27 | selector: 28 | matchLabels: 29 | app: nginx 30 | template: 31 | metadata: 32 | labels: 33 | app: nginx 34 | spec: 35 | containers: 36 | - name: nginx 37 | image: nginx:1.14.2 38 | ports: 39 | - containerPort: 80 40 | -------------------------------------------------------------------------------- /dashboard/config/crd/patches/webhook_in_dashboards.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: dashboards.addons.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /kubeproxy/config/crd/patches/webhook_in_kubeproxies.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: kubeproxies.addons.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /metrics-server/config/samples/addons_v1alpha1_metricsserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: MetricsServer 3 | metadata: 4 | name: metricsserver 5 | spec: 6 | patches: 7 | - apiVersion: apps/v1 8 | kind: Deployment 9 | metadata: 10 | name: metrics-server 11 | namespace: kube-system 12 | spec: 13 | template: 14 | spec: 15 | containers: 16 | - name: metrics-server 17 | args: 18 | - "--kubelet-insecure-tls" 19 | - "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname" 20 | # Patching args is reasonable for developing. 21 | # see https://github.com/kubernetes-sigs/metrics-server#deployment 22 | 23 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/http2/README: -------------------------------------------------------------------------------- 1 | This is a work-in-progress HTTP/2 implementation for Go. 2 | 3 | It will eventually live in the Go standard library and won't require 4 | any changes to your code to use. It will just be automatic. 5 | 6 | Status: 7 | 8 | * The server support is pretty good. A few things are missing 9 | but are being worked on. 10 | * The client work has just started but shares a lot of code 11 | is coming along much quicker. 12 | 13 | Docs are at https://godoc.org/golang.org/x/net/http2 14 | 15 | Demo test server at https://http2.golang.org/ 16 | 17 | Help & bug reports welcome! 18 | 19 | Contributing: https://golang.org/doc/contribute.html 20 | Bugs: https://golang.org/issue/new?title=x/net/http2:+ 21 | -------------------------------------------------------------------------------- /nodelocaldns/config/crd/patches/webhook_in_nodelocaldns.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: nodelocaldns.addons.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /metrics-server/config/crd/patches/webhook_in_metricsservers.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1beta1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metricsservers.addons.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /coredns/config/samples/addons_v1alpha1_coredns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: CoreDNS 3 | metadata: 4 | name: coredns-operator 5 | namespace: kube-system 6 | spec: 7 | version: 1.8.4 8 | dnsDomain: cluster.local 9 | dnsIP: 10.96.0.10 10 | corefile: | 11 | .:53 { 12 | errors 13 | health { 14 | lameduck 5s 15 | } 16 | ready 17 | kubernetes cluster.local in-addr.arpa ip6.arpa { 18 | fallthrough in-addr.arpa ip6.arpa 19 | ttl 30 20 | } 21 | prometheus :9153 22 | forward . /etc/resolv.conf { 23 | max_concurrent 1000 24 | } 25 | cache 30 26 | loop 27 | reload 28 | loadbalance 29 | } -------------------------------------------------------------------------------- /coredns/controllers/tests/patches-stable.in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.x-k8s.io/v1alpha1 2 | kind: CoreDNS 3 | metadata: 4 | name: coredns-operator 5 | namespace: kube-system 6 | spec: 7 | channel: stable 8 | dnsDomain: cluster.local 9 | dnsIP: 10.96.0.10 10 | corefile: | 11 | .:53 { 12 | errors 13 | health { 14 | lameduck 5s 15 | } 16 | ready 17 | kubernetes cluster.local in-addr.arpa ip6.arpa { 18 | pods insecure 19 | fallthrough in-addr.arpa ip6.arpa 20 | ttl 30 21 | } 22 | prometheus :9153 23 | forward . /etc/resolv.conf { 24 | max_concurrent 1000 25 | } 26 | cache 30 27 | loop 28 | reload 29 | loadbalance 30 | } -------------------------------------------------------------------------------- /installer/vendor/github.com/google/gofuzz/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 Google Inc. All rights reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package fuzz is a library for populating go objects with random values. 18 | package fuzz 19 | -------------------------------------------------------------------------------- /installer/demo/dupes.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: addons.config.x-k8s.io/v1alpha1 2 | kind: AddonInstallerConfiguration 3 | addons: 4 | - name: helloWorld 5 | kustomizeRef: ../../kustomize/examples/helloWorld 6 | - name: multibases 7 | kustomizeRef: github.com/kubernetes-sigs/kustomize//examples/multibases/dev/?ref=v1.0.6 8 | - name: helloWorld 9 | kustomizeRef: ../../kustomize/examples/helloWorld 10 | - name: multibases 11 | kustomizeRef: github.com/kubernetes-sigs/kustomize//examples/multibases/dev/?ref=v1.0.6 12 | # - name: docker-example 13 | # kustomizeRef: docker://stealthybox/kustomize-pod:latest 14 | # - name: docker-daemon-example 15 | # kustomizeRef: docker-daemon:stealthybox/kustomize-pod:latest 16 | # - name: oci-example 17 | # kustomizeRef: oci:./stealthybox/kustomize-pod:latest 18 | -------------------------------------------------------------------------------- /coredns/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/util/sets/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by set-gen. DO NOT EDIT. 18 | 19 | // Package sets has auto-generated set types. 20 | package sets 21 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.7.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # resource definition in YAML. These are the resource 2 | # files that kustomize reads, modifies and emits as a 3 | # YAML string, with resources separated by document 4 | # markers ("---"). 5 | resources: 6 | - service.yaml 7 | - deployment.yaml 8 | - serviceaccount.yaml 9 | - clusterrole.yaml 10 | - clusterrolebinding.yaml 11 | 12 | configMapGenerator: 13 | - name: coredns 14 | namespace: kube-system 15 | literals: 16 | - | 17 | Corefile={{ .Corefile }} 18 | 19 | 20 | generatorOptions: 21 | labels: 22 | addonmanager.kubernetes.io/mode: EnsureExists 23 | addons.x-k8s.io/coredns: coredns-operator 24 | k8s-app: kube-dns 25 | kubernetes.io/cluster-service: "true" 26 | kubernetes.io/name: CoreDNS 27 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # resource definition in YAML. These are the resource 2 | # files that kustomize reads, modifies and emits as a 3 | # YAML string, with resources separated by document 4 | # markers ("---"). 5 | resources: 6 | - service.yaml 7 | - deployment.yaml 8 | - serviceaccount.yaml 9 | - clusterrole.yaml 10 | - clusterrolebinding.yaml 11 | 12 | configMapGenerator: 13 | - name: coredns 14 | namespace: kube-system 15 | literals: 16 | - | 17 | Corefile={{ .Corefile }} 18 | 19 | 20 | generatorOptions: 21 | labels: 22 | addonmanager.kubernetes.io/mode: EnsureExists 23 | addons.x-k8s.io/coredns: coredns-operator 24 | k8s-app: kube-dns 25 | kubernetes.io/cluster-service: "true" 26 | kubernetes.io/name: CoreDNS 27 | -------------------------------------------------------------------------------- /coredns/channels/packages/coredns/1.8.4/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # resource definition in YAML. These are the resource 2 | # files that kustomize reads, modifies and emits as a 3 | # YAML string, with resources separated by document 4 | # markers ("---"). 5 | resources: 6 | - service.yaml 7 | - deployment.yaml 8 | - serviceaccount.yaml 9 | - clusterrole.yaml 10 | - clusterrolebinding.yaml 11 | 12 | configMapGenerator: 13 | - name: coredns 14 | namespace: kube-system 15 | literals: 16 | - | 17 | Corefile={{ .Corefile }} 18 | 19 | 20 | generatorOptions: 21 | labels: 22 | addonmanager.kubernetes.io/mode: EnsureExists 23 | addons.x-k8s.io/coredns: coredns-operator 24 | k8s-app: kube-dns 25 | kubernetes.io/cluster-service: "true" 26 | kubernetes.io/name: CoreDNS 27 | -------------------------------------------------------------------------------- /installer/vendor/gopkg.in/yaml.v2/writerc.go: -------------------------------------------------------------------------------- 1 | package yaml 2 | 3 | // Set the writer error and return false. 4 | func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool { 5 | emitter.error = yaml_WRITER_ERROR 6 | emitter.problem = problem 7 | return false 8 | } 9 | 10 | // Flush the output buffer. 11 | func yaml_emitter_flush(emitter *yaml_emitter_t) bool { 12 | if emitter.write_handler == nil { 13 | panic("write handler not set") 14 | } 15 | 16 | // Check if the buffer is empty. 17 | if emitter.buffer_pos == 0 { 18 | return true 19 | } 20 | 21 | if err := emitter.write_handler(emitter, emitter.buffer[:emitter.buffer_pos]); err != nil { 22 | return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error()) 23 | } 24 | emitter.buffer_pos = 0 25 | return true 26 | } 27 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/types/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2015 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package types implements various generic types used throughout kubernetes. 18 | package types // import "k8s.io/apimachinery/pkg/types" 19 | -------------------------------------------------------------------------------- /tools/rbac-gen/pkg/convert/tests/duplicates.out.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: generated-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - apiGroups: 28 | - apps 29 | resources: 30 | - deployments 31 | verbs: 32 | - create 33 | - delete 34 | - get 35 | - list 36 | - patch 37 | - update 38 | - watch 39 | - apiGroups: 40 | - apps 41 | resources: 42 | - deployments/status 43 | verbs: 44 | - get 45 | - list 46 | - watch 47 | -------------------------------------------------------------------------------- /installer/pkg/apis/config/v1alpha1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | package v1alpha1 17 | 18 | import ( 19 | "k8s.io/apimachinery/pkg/runtime" 20 | ) 21 | 22 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 23 | return RegisterDefaults(scheme) 24 | } 25 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/util/errors/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2015 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package errors implements various utility functions and types around errors. 18 | package errors // import "k8s.io/apimachinery/pkg/util/errors" 19 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/concurrent/go_below_19.go: -------------------------------------------------------------------------------- 1 | //+build !go1.9 2 | 3 | package concurrent 4 | 5 | import "sync" 6 | 7 | // Map implements a thread safe map for go version below 1.9 using mutex 8 | type Map struct { 9 | lock sync.RWMutex 10 | data map[interface{}]interface{} 11 | } 12 | 13 | // NewMap creates a thread safe map 14 | func NewMap() *Map { 15 | return &Map{ 16 | data: make(map[interface{}]interface{}, 32), 17 | } 18 | } 19 | 20 | // Load is same as sync.Map Load 21 | func (m *Map) Load(key interface{}) (elem interface{}, found bool) { 22 | m.lock.RLock() 23 | elem, found = m.data[key] 24 | m.lock.RUnlock() 25 | return 26 | } 27 | 28 | // Load is same as sync.Map Store 29 | func (m *Map) Store(key interface{}, elem interface{}) { 30 | m.lock.Lock() 31 | m.data[key] = elem 32 | m.lock.Unlock() 33 | } 34 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/fields/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2015 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package fields implements a simple field system, parsing and matching 18 | // selectors with sets of fields. 19 | package fields // import "k8s.io/apimachinery/pkg/fields" 20 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/labels/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package labels implements a simple label system, parsing and matching 18 | // selectors with sets of labels. 19 | package labels // import "k8s.io/apimachinery/pkg/labels" 20 | -------------------------------------------------------------------------------- /tools/kaml/pkg/xform/fieldpath.go: -------------------------------------------------------------------------------- 1 | package xform 2 | 3 | import "strings" 4 | 5 | // FieldPath specifies the address of a field. 6 | type FieldPath []string 7 | 8 | // ParseFieldPath parses a string into a FieldPath. 9 | // We may in future support jsonpath or similar, for now we simply support dot-separated field paths. 10 | func ParseFieldPath(fieldPath string) (FieldPath, error) { 11 | return FieldPath(strings.Split(fieldPath, ".")), nil 12 | } 13 | 14 | // ParseFieldPaths parses string slice into a FieldPath slice. 15 | // This simplifies error handling. 16 | func ParseFieldPaths(fieldPaths []string) ([]FieldPath, error) { 17 | var out []FieldPath 18 | for _, fieldPath := range fieldPaths { 19 | p, err := ParseFieldPath(fieldPath) 20 | if err != nil { 21 | return nil, err 22 | } 23 | out = append(out, p) 24 | } 25 | return out, nil 26 | } 27 | -------------------------------------------------------------------------------- /installer/pkg/apis/config/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | */ 15 | 16 | // +k8s:deepcopy-gen=package 17 | // +k8s:conversion-gen=sigs.k8s.io/cluster-addons/installer/pkg/apis/config 18 | // +k8s:defaulter-gen=TypeMeta 19 | package v1alpha1 // import "sigs.k8s.io/cluster-addons/installer/pkg/apis/config/v1alpha1" 20 | -------------------------------------------------------------------------------- /installer/vendor/github.com/json-iterator/go/Gopkg.toml: -------------------------------------------------------------------------------- 1 | # Gopkg.toml example 2 | # 3 | # Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md 4 | # for detailed Gopkg.toml documentation. 5 | # 6 | # required = ["github.com/user/thing/cmd/thing"] 7 | # ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] 8 | # 9 | # [[constraint]] 10 | # name = "github.com/user/project" 11 | # version = "1.0.0" 12 | # 13 | # [[constraint]] 14 | # name = "github.com/user/project2" 15 | # branch = "dev" 16 | # source = "github.com/myfork/project2" 17 | # 18 | # [[override]] 19 | # name = "github.com/x/y" 20 | # version = "2.4.0" 21 | 22 | ignored = ["github.com/davecgh/go-spew*","github.com/google/gofuzz*","github.com/stretchr/testify*"] 23 | 24 | [[constraint]] 25 | name = "github.com/modern-go/reflect2" 26 | version = "1.0.1" 27 | -------------------------------------------------------------------------------- /installer/vendor/golang.org/x/net/http2/go111.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 The Go Authors. All rights reserved. 2 | // Use of this source code is governed by a BSD-style 3 | // license that can be found in the LICENSE file. 4 | 5 | // +build go1.11 6 | 7 | package http2 8 | 9 | import ( 10 | "net/http/httptrace" 11 | "net/textproto" 12 | ) 13 | 14 | func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { 15 | return trace != nil && trace.WroteHeaderField != nil 16 | } 17 | 18 | func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) { 19 | if trace != nil && trace.WroteHeaderField != nil { 20 | trace.WroteHeaderField(k, []string{v}) 21 | } 22 | } 23 | 24 | func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error { 25 | if trace != nil { 26 | return trace.Got1xxResponse 27 | } 28 | return nil 29 | } 30 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/runtime/serializer/protobuf/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2015 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package protobuf provides a Kubernetes serializer for the protobuf format. 18 | package protobuf // import "k8s.io/apimachinery/pkg/runtime/serializer/protobuf" 19 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/watch/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package watch contains a generic watchable interface, and a fake for 18 | // testing code that uses the watch interface. 19 | package watch // import "k8s.io/apimachinery/pkg/watch" 20 | -------------------------------------------------------------------------------- /dashboard/README.md: -------------------------------------------------------------------------------- 1 | # This is the Kubernetes Dashboard Operator 2 | 3 | This is an operator for managing the kubernetes dashboard addon. 4 | 5 | ## Available versions of kubernetes dashboard 6 | ``` 7 | Versions: 8 | - 1.8.3 9 | - 1.10.1 10 | - 2.0.0 11 | ``` 12 | 13 | Stable version - `2.0.0` 14 | 15 | ## Usage 16 | 1. Clone the cluster-addons 17 | ``` 18 | go get https://github.com/kubernetes-sigs/cluster-addons 19 | cd dashboard 20 | ``` 21 | 22 | 2. Install Dashboard CRD 23 | ``` 24 | make install 25 | ``` 26 | 27 | 3. Create Custom Resource. An example lives [here](https://raw.githubusercontent.com/kubernetes-sigs/cluster-addons/master/dashboard/config/samples/addons_v1alpha1_dashboard.yaml) 28 | 29 | 4. Run the operator locally 30 | `make run` 31 | 32 | or in-cluster 33 | `make deploy` 34 | 35 | 5. View resources created in the `kubernetes-dashboard` namespace. 36 | -------------------------------------------------------------------------------- /tools/kubectl-ownerref/README.md: -------------------------------------------------------------------------------- 1 | # Kubectl Ownerrefs 2 | 3 | ## Introduction 4 | `kubectl ownerref` is a simple kubectl plugin for getting all the resources in a cluster that another resource has ownerrefs on. It gives the basic information at a quick glance. It is used in cluster-addons to get the resources that a custom resource has ownerrefs on. 5 | 6 | ## Usage 7 | 8 | 1. Get the code 9 | 10 | ```shell script 11 | go get https://github.com/kubernetes-sigs/cluster-addons 12 | ``` 13 | 14 | 2. Build 15 | 16 | ```shell script 17 | cd $GOPATH/kubernetes-sigs/cluster-addons/tools/kubectl-ownerref 18 | go install 19 | ``` 20 | 21 | 3. Run the go program 22 | 23 | ```shell script 24 | kubectl ownerref 25 | ``` 26 | 27 | Example: 28 | ```shell script 29 | kubectl ownerref Dashboard dashboard_sample 30 | ``` 31 | 32 | Have fun! :tada: 33 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/conversion/queryparams/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package queryparams provides conversion from versioned 18 | // runtime objects to URL query values 19 | package queryparams // import "k8s.io/apimachinery/pkg/conversion/queryparams" 20 | -------------------------------------------------------------------------------- /flannel/config/rbac/manager_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: main-manager-role 5 | rules: 6 | - apiGroups: ["apps"] 7 | resources: 8 | - "daemonsets" 9 | verbs: ["create", "get", "watch", "update"] 10 | - apiGroups: [""] 11 | resources: 12 | - "configmaps" 13 | - "serviceaccounts" 14 | verbs: ["create", "get", "watch", "update"] 15 | - apiGroups: ["rbac.authorization.k8s.io"] 16 | resources: 17 | - "clusterrolebindings" 18 | - "clusterroles" 19 | verbs: ["create", "get", "watch", "update"] 20 | - apiGroups: 21 | - "" 22 | resources: 23 | - pods 24 | verbs: 25 | - get 26 | - apiGroups: 27 | - "" 28 | resources: 29 | - nodes 30 | verbs: 31 | - list 32 | - watch 33 | - apiGroups: 34 | - "" 35 | resources: 36 | - nodes/status 37 | verbs: 38 | - patch 39 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2016 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package 18 | // +k8s:openapi-gen=true 19 | // +k8s:defaulter-gen=TypeMeta 20 | 21 | // +groupName=meta.k8s.io 22 | 23 | package v1 // import "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | -------------------------------------------------------------------------------- /tools/kaml/pkg/visitor/interfaces.go: -------------------------------------------------------------------------------- 1 | package visitor 2 | 3 | import ( 4 | "sigs.k8s.io/kustomize/kyaml/yaml" 5 | ) 6 | 7 | type visitor interface { 8 | VisitSequence(ctx *Context, path Path, node *yaml.Node) error 9 | VisitMap(ctx *Context, path Path, node *KubeMap) error 10 | VisitScalar(ctx *Context, path Path, node *yaml.Node) error 11 | 12 | VisitKubeObject(ctx *Context, obj *KubeObject) error 13 | } 14 | 15 | type Visitor struct { 16 | } 17 | 18 | func (v *Visitor) VisitSequence(ctx *Context, path Path, node *yaml.Node) error { 19 | return nil 20 | } 21 | 22 | func (v *Visitor) VisitScalar(ctx *Context, path Path, node *yaml.Node) error { 23 | return nil 24 | } 25 | 26 | func (v *Visitor) VisitMap(ctx *Context, path Path, node *KubeMap) error { 27 | return nil 28 | } 29 | 30 | func (v *Visitor) VisitKubeObject(ctx *Context, obj *KubeObject) error { 31 | return nil 32 | } 33 | -------------------------------------------------------------------------------- /dashboard/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the controller manager, 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /flannel/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the controller manager, 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /generic/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the controller manager, 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /kubeproxy/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the controller manager, 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /metrics-server/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the controller manager, 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /nodelocaldns/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the controller manager, 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /dashboard/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /flannel/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /generic/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /kubeproxy/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /metrics-server/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /nodelocaldns/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /generic/Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.13 as builder 3 | 4 | WORKDIR /workspace 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | 12 | # Copy the go source 13 | COPY main.go main.go 14 | COPY api/ api/ 15 | COPY controllers/ controllers/ 16 | 17 | # Build 18 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go 19 | 20 | # Use distroless as minimal base image to package the manager binary 21 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 22 | FROM gcr.io/distroless/static:nonroot 23 | WORKDIR / 24 | COPY --from=builder /workspace/manager . 25 | COPY channels/ channels/ 26 | USER nonroot:nonroot 27 | 28 | ENTRYPOINT ["/manager"] 29 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/Gopkg.toml: -------------------------------------------------------------------------------- 1 | # Gopkg.toml example 2 | # 3 | # Refer to https://golang.github.io/dep/docs/Gopkg.toml.html 4 | # for detailed Gopkg.toml documentation. 5 | # 6 | # required = ["github.com/user/thing/cmd/thing"] 7 | # ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] 8 | # 9 | # [[constraint]] 10 | # name = "github.com/user/project" 11 | # version = "1.0.0" 12 | # 13 | # [[constraint]] 14 | # name = "github.com/user/project2" 15 | # branch = "dev" 16 | # source = "github.com/myfork/project2" 17 | # 18 | # [[override]] 19 | # name = "github.com/x/y" 20 | # version = "2.4.0" 21 | # 22 | # [prune] 23 | # non-go = false 24 | # go-tests = true 25 | # unused-packages = true 26 | 27 | ignored = [] 28 | 29 | [[constraint]] 30 | name = "github.com/modern-go/concurrent" 31 | version = "1.0.0" 32 | 33 | [prune] 34 | go-tests = true 35 | unused-packages = true 36 | -------------------------------------------------------------------------------- /installer/vendor/github.com/modern-go/reflect2/safe_struct.go: -------------------------------------------------------------------------------- 1 | package reflect2 2 | 3 | type safeStructType struct { 4 | safeType 5 | } 6 | 7 | func (type2 *safeStructType) FieldByName(name string) StructField { 8 | field, found := type2.Type.FieldByName(name) 9 | if !found { 10 | panic("field " + name + " not found") 11 | } 12 | return &safeField{StructField: field} 13 | } 14 | 15 | func (type2 *safeStructType) Field(i int) StructField { 16 | return &safeField{StructField: type2.Type.Field(i)} 17 | } 18 | 19 | func (type2 *safeStructType) FieldByIndex(index []int) StructField { 20 | return &safeField{StructField: type2.Type.FieldByIndex(index)} 21 | } 22 | 23 | func (type2 *safeStructType) FieldByNameFunc(match func(string) bool) StructField { 24 | field, found := type2.Type.FieldByNameFunc(match) 25 | if !found { 26 | panic("field match condition not found in " + type2.Type.String()) 27 | } 28 | return &safeField{StructField: field} 29 | } 30 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/types/uid.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2015 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package types 18 | 19 | // UID is a type that holds unique ID values, including UUIDs. Because we 20 | // don't ONLY use UUIDs, this is an alias to string. Being a type captures 21 | // intent and helps make sure that UIDs and names do not get conflated. 22 | type UID string 23 | -------------------------------------------------------------------------------- /kubeproxy/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | apiVersion: certmanager.k8s.io/v1alpha1 4 | kind: Issuer 5 | metadata: 6 | name: selfsigned-issuer 7 | namespace: system 8 | spec: 9 | selfSigned: {} 10 | --- 11 | apiVersion: certmanager.k8s.io/v1alpha1 12 | kind: Certificate 13 | metadata: 14 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 15 | namespace: system 16 | spec: 17 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 18 | commonName: $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 19 | dnsNames: 20 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 21 | issuerRef: 22 | kind: Issuer 23 | name: selfsigned-issuer 24 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 25 | -------------------------------------------------------------------------------- /coredns/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | protocol: TCP 22 | name: https 23 | - name: manager 24 | args: 25 | - "--health-probe-bind-address=:8081" 26 | - "--metrics-bind-address=127.0.0.1:8080" 27 | - "--leader-elect" 28 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.proto: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | 18 | // This file was autogenerated by go-to-protobuf. Do not edit it manually! 19 | 20 | syntax = 'proto2'; 21 | 22 | package k8s.io.apimachinery.pkg.runtime.schema; 23 | 24 | // Package-wide variables from generator "generated". 25 | option go_package = "schema"; 26 | 27 | -------------------------------------------------------------------------------- /installer/vendor/k8s.io/apimachinery/pkg/util/sets/empty.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by set-gen. DO NOT EDIT. 18 | 19 | package sets 20 | 21 | // Empty is public since it is used by some internal API objects for conversions between external 22 | // string arrays and internal sets, and conversion logic requires public types today. 23 | type Empty struct{} 24 | -------------------------------------------------------------------------------- /dashboard/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | -------------------------------------------------------------------------------- /flannel/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | -------------------------------------------------------------------------------- /generic/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | -------------------------------------------------------------------------------- /kubeproxy/config/rbac/manager_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: main-manager-role 6 | rules: 7 | - apiGroups: [""] 8 | resources: ["*"] 9 | verbs: ["list", "get", "watch"] 10 | - apiGroups: [""] 11 | resources: ["events", "serviceaccounts"] 12 | verbs: ["create", "patch", "update"] 13 | - apiGroups: ["apps", "extensions"] 14 | resources: ["daemonsets"] 15 | verbs: ["get", "watch", "list", "create", "patch"] 16 | - apiGroups: ["rbac.authorization.k8s.io"] 17 | resources: ["clusterrolebindings"] 18 | verbs: ["get", "watch", "list", "create"] 19 | - apiGroups: ["app.k8s.io"] 20 | resources: ["applications"] 21 | verbs: ["get", "watch", "list", "create", "patch"] 22 | - apiGroups: ["discovery.k8s.io"] 23 | resources: ["endpointslices"] 24 | verbs: ["list", "watch"] 25 | - apiGroups: ["events.k8s.io"] 26 | resources: ["events"] 27 | verbs: ["create", "patch", "update"] 28 | -------------------------------------------------------------------------------- /tools/kaml/pkg/visitor/kubeobject.go: -------------------------------------------------------------------------------- 1 | package visitor 2 | 3 | import "fmt" 4 | 5 | type KubeObject struct { 6 | obj *KubeMap 7 | } 8 | 9 | func (o *KubeObject) GetKind() string { 10 | s, _, _ := o.obj.GetStringField("kind") 11 | return s 12 | } 13 | 14 | func (o *KubeObject) GetAPIVersion() string { 15 | s, _, _ := o.obj.GetStringField("apiVersion") 16 | return s 17 | } 18 | 19 | func (o *KubeObject) GetName() string { 20 | metadata := o.GetMetadata() 21 | if metadata == nil { 22 | return "" 23 | } 24 | s, _, _ := metadata.GetStringField("name") 25 | return s 26 | } 27 | 28 | func (o *KubeObject) GetMetadata() *KubeMap { 29 | m, _, _ := o.obj.GetMapField("metadata") 30 | return m 31 | } 32 | 33 | func (o *KubeObject) SetName(name string) error { 34 | metadata := o.GetMetadata() 35 | if metadata == nil { 36 | return fmt.Errorf("metadata not found") 37 | } 38 | if err := metadata.Set("name", name); err != nil { 39 | return err 40 | } 41 | return nil 42 | } 43 | -------------------------------------------------------------------------------- /installer/vendor/github.com/gogo/protobuf/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | Anton Povarov 2 | Brian Goff 3 | Clayton Coleman 4 | Denis Smirnov 5 | DongYun Kang 6 | Dwayne Schultz 7 | Georg Apitz 8 | Gustav Paul 9 | Johan Brandhorst 10 | John Shahid 11 | John Tuley 12 | Laurent 13 | Patrick Lee 14 | Peter Edge 15 | Roger Johansson 16 | Sam Nguyen 17 | Sergio Arbeo 18 | Stephen J Day 19 | Tamir Duberstein 20 | Todd Eisenberger 21 | Tormod Erevik Lea 22 | Vyacheslav Kim 23 | Walter Schulze 24 | -------------------------------------------------------------------------------- /metrics-server/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --enable-leader-election 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | --------------------------------------------------------------------------------