certificatetpr

package module v0.0.0-...-6d5c3a7
Published: Dec 8, 2017 License: Apache-2.0 Imports: 12 Imported by: 4

README

Specification of the third party object used to issue certificates for Kubernetes clusters running on the Giantnetes platform from Giant Swarm. Used by the cert-operator.

License

certificatetpr is under the Apache 2.0 license. See the LICENSE file for details.

Documentation

Constants

const (
	// Name represents the name of the third party resource within Kubernetes.
	Name = "certificate.giantswarm.io"

	// VersionV1 is the v1 version of this resource.
	VersionV1 = "v1"

	// Description is the description of this resource.
	Description = "The cert-operator handles certificates used in the cluster."
)

const (
	// ComponentLabel is the label used in the secret to identify a cluster
	// component.
	ComponentLabel string = "clusterComponent"
	// ClusterIDLabel is the label used in the secret to identify a cluster.
	ClusterIDLabel string = "clusterID"
)

These constants are used when filtering the secrets, to only retrieve the ones we are interested in.

const (
	// WatchTimeOut is the time to wait on watches against the Kubernetes API
	// before giving up and throwing an error.
	WatchTimeOut = 90 * time.Second
)

Variables

ClusterComponents is a slice enumerating all the components that make up the cluster.

TODO add FlanneldComponent as soon as all guest clusters have Flanneld certificates.

MonitoringComponents is a slice enumerating all the components that make up monitoring.

var TLSAssetTypes = []TLSAssetType{CA, Crt, Key}

TLSAssetTypes is a slice enumerating all the TLS assets we need to boot the cluster.

Functions

func IsInvalidConfig

func IsInvalidConfig(err error) bool

IsInvalidConfig asserts invalidConfigError.

func IsSecretsRetrievalFailed

func IsSecretsRetrievalFailed(err error) bool

IsSecretsRetrievalFailed asserts secretsRetrievalFailedError.

func ValidComponent

func ValidComponent(el ClusterComponent, components []ClusterComponent) bool

ValidComponent looks for el among the components.

Types

type AssetsBundle

type AssetsBundle map[AssetsBundleKey][]byte

AssetsBundle is a structure that contains all the assets for all the components.

type AssetsBundleKey

type AssetsBundleKey struct {
	Component ClusterComponent
	Type      TLSAssetType
}

AssetsBundleKey is the struct key used to index an AssetsBundle; cf. https://blog.golang.org/go-maps-in-action

type ClusterComponent

type ClusterComponent string

ClusterComponent represents an individual component of a k8s cluster, e.g. the API server or etcd. These values are used when getting a secret from the k8s API, to identify the component the secret belongs to.

const (
	// APIComponent is the API server component.
	APIComponent ClusterComponent = "api"
	// CalicoComponent is the calico component.
	CalicoComponent ClusterComponent = "calico"
	// EtcdComponent is the etcd cluster component.
	EtcdComponent ClusterComponent = "etcd"
	// FlanneldComponent is the flanneld cluster component.
	FlanneldComponent ClusterComponent = "flanneld"
	// KubeStateMetricsComponent is the kube-state-metrics component.
	KubeStateMetricsComponent ClusterComponent = "kube-state-metrics"
	// PrometheusComponent is the prometheus component.
	PrometheusComponent ClusterComponent = "prometheus"
	// ServiceAccountComponent is the service-account component.
	ServiceAccountComponent ClusterComponent = "service-account"
	// WorkerComponent is a worker component.
	WorkerComponent ClusterComponent = "worker"
)

These constants are used to match different components of the cluster when parsing a secret received from the API.

func (ClusterComponent) String

func (c ClusterComponent) String() string

type CompactTLSAssets

type CompactTLSAssets struct {
	APIServerCA       string
	APIServerKey      string
	APIServerCrt      string
	WorkerCA          string
	WorkerKey         string
	WorkerCrt         string
	ServiceAccountCA  string
	ServiceAccountKey string
	ServiceAccountCrt string
	CalicoClientCA    string
	CalicoClientKey   string
	CalicoClientCrt   string
	EtcdServerCA      string
	EtcdServerKey     string
	EtcdServerCrt     string
}

CompactTLSAssets is a struct used by operators to store stringified TLS assets.

type CustomObject

type CustomObject struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata" yaml:"metadata"`

	Spec Spec `json:"spec" yaml:"spec"`
}

CustomObject represents the Certificate TPR's custom object. It holds the specifications of the resource the Certificate operator is interested in.

type List

type List struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata" yaml:"metadata"`

	Items []CustomObject `json:"items" yaml:"items"`
}

List represents a list of CustomObject resources.

type Searcher

type Searcher interface {
	SearchCerts(clusterID string) (AssetsBundle, error)
}

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service implements the certificate TPR service.

func NewService

func NewService(config ServiceConfig) (*Service, error)

NewService creates a new configured certificate TPR service.

func (*Service) SearchCerts

func (s *Service) SearchCerts(clusterID string) (AssetsBundle, error)

SearchCerts watches for all secrets of a cluster and returns them as an assets bundle.

func (*Service) SearchCertsForComponent

func (s *Service) SearchCertsForComponent(clusterID, componentName string) (AssetsBundle, error)

SearchCertsForComponent watches for the secrets of a single cluster component and returns them as an assets bundle.

type ServiceConfig

type ServiceConfig struct {
	// Dependencies.
	K8sClient kubernetes.Interface
	Logger    micrologger.Logger
}

ServiceConfig represents the configuration used to create a certificate TPR service.

func DefaultServiceConfig

func DefaultServiceConfig() ServiceConfig

DefaultServiceConfig provides a default configuration, on a best-effort basis, for creating a new certificate TPR service.

type Spec

type Spec struct {
	AllowBareDomains bool               `json:"allowBareDomains" yaml:"allowBareDomains"`
	AltNames         []string           `json:"altNames" yaml:"altNames"`
	ClusterComponent string             `json:"clusterComponent" yaml:"clusterComponent"`
	ClusterID        string             `json:"clusterID" yaml:"clusterID"`
	CommonName       string             `json:"commonName" yaml:"commonName"`
	IPSANs           []string           `json:"ipSans" yaml:"ipSans"`
	Organizations    []string           `json:"organizations" yaml:"organizations"`
	TTL              string             `json:"ttl" yaml:"ttl"`
	VersionBundle    spec.VersionBundle `json:"versionBundle" yaml:"versionBundle"`
}

type TLSAssetType

type TLSAssetType string

TLSAssetType represents the type of a TLS asset, e.g. a CA certificate or a certificate key. These values are used when getting a secret from the k8s API, to identify the specific type of TLS asset contained in the secret.

const (
	// CA is the key for the CA certificate.
	CA TLSAssetType = "ca"
	// Crt is the key for the certificate.
	Crt TLSAssetType = "crt"
	// Key is the key for the private key.
	Key TLSAssetType = "key"
)

These constants are used to match each asset in the secret.

func (TLSAssetType) String

func (t TLSAssetType) String() string
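As an added example (not code from the certificatetpr package or the cert-operator), the following shows how the ComponentLabel and ClusterIDLabel constants, ValidComponent and the ca/crt/key asset keys fit together to turn a cluster's secrets into an AssetsBundle in the way SearchCerts is described. The types are redeclared locally and the `secret` struct is a constructed stand-in for a Kubernetes Secret, so it runs with the standard library alone; it also adds the check a practitioner wants, rejecting a secret with an unknown component label or a missing asset instead of silently producing a partial bundle.

```go
package main

import "fmt"

// Types and constants mirrored from certificatetpr, redeclared so the example
// builds with the standard library alone (no Kubernetes client needed).
type (
	ClusterComponent string
	TLSAssetType     string
	AssetsBundleKey  struct{ Component ClusterComponent; Type TLSAssetType }
	AssetsBundle     map[AssetsBundleKey][]byte
)
const ComponentLabel, ClusterIDLabel = "clusterComponent", "clusterID"
const CA, Crt, Key TLSAssetType = "ca", "crt", "key"
var TLSAssetTypes = []TLSAssetType{CA, Crt, Key}
var ClusterComponents = []ClusterComponent{"api", "calico", "etcd", "service-account", "worker"}

// secret is a constructed stand-in for a corev1.Secret; only labels and data matter here.
type secret struct{ Name string; Labels map[string]string; Data map[string][]byte }

// ValidComponent mirrors the package function: it reports whether el is in components.
func ValidComponent(el ClusterComponent, components []ClusterComponent) bool {
	for _, c := range components {
		if c == el {
			return true
		}
	}
	return false
}

// bundleFromSecrets assembles the AssetsBundle for clusterID: keep only secrets whose
// clusterID label matches, reject unknown components, and require all three asset types
// so no component is ever handed a certificate without its key or CA.
func bundleFromSecrets(clusterID string, secrets []secret) (AssetsBundle, error) {
	bundle := AssetsBundle{}
	for _, s := range secrets {
		if s.Labels[ClusterIDLabel] != clusterID {
			continue
		}
		comp := ClusterComponent(s.Labels[ComponentLabel])
		if !ValidComponent(comp, ClusterComponents) {
			return nil, fmt.Errorf("secret %q: unknown component %q", s.Name, comp)
		}
		for _, t := range TLSAssetTypes {
			if len(s.Data[string(t)]) == 0 {
				return nil, fmt.Errorf("secret %q: missing %q for %s", s.Name, t, comp)
			}
			bundle[AssetsBundleKey{Component: comp, Type: t}] = s.Data[string(t)]
		}
	}
	return bundle, nil
}
```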
