README
¶
UnDistro Kubernetes Platform
What is UnDistro?
UnDistro is a vanilla, non-opinionated, and open-source Kubernetes distribution that helps spin up, manage, and visualize one or more production-ready clusters in a standardized and centralized way.
Choosing to use UnDistro is not a matter of choosing UnDistro over EKS/AKS/GKE. Think of UnDistro as an additional “layer” to help you with day 2 K8s operations, no matter the infrastructure, hosted, or self-hosted Kubernetes.
Getting Started
Prerequisites
- Install and setup kubectl in your local environment.
- Install and setup Kind and Docker. (required just for kind installation method)
- Install and setup aws-iam-authenticator in your local environment. (required just for AWS provider)
- Install NSS Tools in your OS using your favorite package manager (rpm/deb/apk)
⚠ If the installation is from rpm, deb, apk or brew package managers it will also install nss tools for you: Be very careful here!
Installing UnDistro CLI
- Download UnDistro CLI or use Homebrew to install.
brew install getupio-undistro/tap/undistro
To get started and easily create your first cluster with UnDistro, check out the docs.
Development
The first step in getting involved with Undistro is to download the source code. Since the development is carried out by means of the Git version control system, you can use it to clone the repository. If you don't already have Git installed, it can be found in most package managers and the official downloads page. Furthermore, a Github account will also be required for sending changes back, so be sure to have one.
You can find additional details for setting up the Undistro development environment under the Development section in the Docs.
Project Structure
Undistro's repository contains not only its source code, but also some related files, as is the case with the charts directory.
The entire project structure is laid out as follows.
.
├── UI # Contains the source of Undistro's frontend
├── apis # Stores the Undistro API and its versions
├── charts # Stores multiple Helm charts maintained by the Undistro team
├── cmd # Has the main Go files for the CLIs
├── config # Keeps configuration files generated by Kubebuilder
├── controllers # Keeps generated Kubernetes' controllers and a few test files
├── e2e # Contains files used for End-to-End testing
├── examples # Stores YAML files describing how to use Undistro
├── hack # Miscellaneous configuration files and helper scripts
├── pkg # Stores the core functionality of each Undistro package
├── testbin # Stores binary dependencies downloaded during testing, as well as shell scripts used for building and testing
├── tilt_modules # Contains Tilt configuration files for Undistro and cert-manager as well
└── website # Keeps the source code for Undistro's website and this documentation
Contributing
Did you find a bug, or would you like to suggest a new feature? We're open to feedback. Please open a new issue and let us know what you think. You're also welcome to contribute by submitting a pull request.
Please remember to check out our Contributing Guidelines.
Contributor License Agreement - CLA assistant
License
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
apis
|
|
|
app/v1alpha1
Package v1alpha1 contains API Schema definitions for the app v1alpha1 API group +kubebuilder:object:generate=true +groupName=app.undistro.io
|
Package v1alpha1 contains API Schema definitions for the app v1alpha1 API group +kubebuilder:object:generate=true +groupName=app.undistro.io |
|
metadata/v1alpha1
Package v1alpha1 contains API Schema definitions for the metadata v1alpha1 API group +kubebuilder:object:generate=true +groupName=metadata.undistro.io
|
Package v1alpha1 contains API Schema definitions for the metadata v1alpha1 API group +kubebuilder:object:generate=true +groupName=metadata.undistro.io |
|
cmd
|
|
|
controllers
|
|
|
pkg
|
|
|
third_party
|
|
|
pinniped/internal/authenticators
Package authenticators contains authenticator interfaces.
|
Package authenticators contains authenticator interfaces. |
|
pinniped/internal/certauthority
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.
|
Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service. |
|
pinniped/internal/certauthority/dynamiccertauthority
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.
|
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair. |
|
pinniped/internal/concierge/scheme
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API.
|
Package scheme contains code to construct a proper runtime.Scheme for the Concierge aggregated API. |
|
pinniped/internal/config/concierge
Package concierge contains functionality to load/store Config's from/to some source.
|
Package concierge contains functionality to load/store Config's from/to some source. |
|
pinniped/internal/config/supervisor
Package supervisor contains functionality to load/store Config's from/to some source.
|
Package supervisor contains functionality to load/store Config's from/to some source. |
|
pinniped/internal/controller/apicerts
Package apicerts contains controllers that work together to provide rotating API certs.
|
Package apicerts contains controllers that work together to provide rotating API certs. |
|
pinniped/internal/controller/authenticator
Package authenticator contains helper code for dealing with *Authenticator CRDs.
|
Package authenticator contains helper code for dealing with *Authenticator CRDs. |
|
pinniped/internal/controller/authenticator/authncache
Package authncache implements a cache of active authenticators.
|
Package authncache implements a cache of active authenticators. |
|
pinniped/internal/controller/authenticator/cachecleaner
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache.
|
Package cachecleaner implements a controller for garbage collecting authenticators from an authenticator cache. |
|
pinniped/internal/controller/authenticator/jwtcachefiller
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator.
|
Package jwtcachefiller implements a controller for filling an authncache.Cache with each added/updated JWTAuthenticator. |
|
pinniped/internal/controller/authenticator/webhookcachefiller
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator.
|
Package webhookcachefiller implements a controller for filling an authncache.Cache with each added/updated WebhookAuthenticator. |
|
pinniped/internal/controller/issuerconfig
Package issuerconfig contains helpers for updating CredentialIssuer status entries.
|
Package issuerconfig contains helpers for updating CredentialIssuer status entries. |
|
pinniped/internal/controller/kubecertagent
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys.
|
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys. |
|
pinniped/internal/controller/supervisorconfig/activedirectoryupstreamwatcher
Package activedirectoryupstreamwatcher implements a controller which watches ActiveDirectoryIdentityProviders.
|
Package activedirectoryupstreamwatcher implements a controller which watches ActiveDirectoryIdentityProviders. |
|
pinniped/internal/controller/supervisorconfig/generator
Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret.
|
Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret. |
|
pinniped/internal/controller/supervisorconfig/ldapupstreamwatcher
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders.
|
Package ldapupstreamwatcher implements a controller which watches LDAPIdentityProviders. |
|
pinniped/internal/downward
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes.
|
Package downward implements a client interface for interacting with Kubernetes "downwardAPI" volumes. |
|
pinniped/internal/dynamiccert
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key.
|
Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded certificate and key. |
|
pinniped/internal/endpointaddr
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs.
|
Package endpointaddr implements parsing and validation of "<host>[:<port>]" strings for Pinniped APIs. |
|
pinniped/internal/execcredcache
Package execcredcache implements a cache for Kubernetes ExecCredential data.
|
Package execcredcache implements a cache for Kubernetes ExecCredential data. |
|
pinniped/internal/httputil/httperr
Package httperr contains some helpers for nicer error handling in http.Handler implementations.
|
Package httperr contains some helpers for nicer error handling in http.Handler implementations. |
|
pinniped/internal/httputil/securityheader
Package securityheader implements an HTTP middleware for setting security-related response headers.
|
Package securityheader implements an HTTP middleware for setting security-related response headers. |
|
pinniped/internal/localuserauthenticator
Package localuserauthenticator provides a authentication webhook program.
|
Package localuserauthenticator provides a authentication webhook program. |
|
pinniped/internal/oidc
Package oidc contains common OIDC functionality needed by Pinniped.
|
Package oidc contains common OIDC functionality needed by Pinniped. |
|
pinniped/internal/oidc/auth
Package auth provides a handler for the OIDC authorization endpoint.
|
Package auth provides a handler for the OIDC authorization endpoint. |
|
pinniped/internal/oidc/callback
Package callback provides a handler for the OIDC callback endpoint.
|
Package callback provides a handler for the OIDC callback endpoint. |
|
pinniped/internal/oidc/clientregistry
Package clientregistry defines Pinniped's OAuth2/OIDC clients.
|
Package clientregistry defines Pinniped's OAuth2/OIDC clients. |
|
pinniped/internal/oidc/discovery
Package discovery provides a handler for the OIDC discovery endpoint.
|
Package discovery provides a handler for the OIDC discovery endpoint. |
|
pinniped/internal/oidc/downstreamsession
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.
|
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions. |
|
pinniped/internal/oidc/dynamiccodec
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret.
|
Package dynamiccodec provides a type that can encode information using a just-in-time signing and (optionally) encryption secret. |
|
pinniped/internal/oidc/idpdiscovery
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint.
|
Package idpdiscovery provides a handler for the upstream IDP discovery endpoint. |
|
pinniped/internal/oidc/jwks
Package discovery provides a handler for the OIDC discovery endpoint.
|
Package discovery provides a handler for the OIDC discovery endpoint. |
|
pinniped/internal/oidc/provider/formposthtml
Package formposthtml defines HTML templates used by the Supervisor.
|
Package formposthtml defines HTML templates used by the Supervisor. |
|
pinniped/internal/oidc/token
Package token provides a handler for the OIDC token endpoint.
|
Package token provides a handler for the OIDC token endpoint. |
|
pinniped/internal/plog
Package plog implements a thin layer over klog to help enforce pinniped's logging convention.
|
Package plog implements a thin layer over klog to help enforce pinniped's logging convention. |
|
pinniped/internal/registry/credentialrequest
Package credentialrequest provides REST functionality for the CredentialRequest resource.
|
Package credentialrequest provides REST functionality for the CredentialRequest resource. |
|
pinniped/internal/upstreamldap
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions.
|
Package upstreamldap implements an abstraction of upstream LDAP IDP interactions. |
|
pinniped/internal/upstreamoidc
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.
|
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions. |
|
tilt_modules
|
|
Click to show internal directories.
Click to hide internal directories.