legacy

package

v0.0.0-...-34d1f6c Latest Latest Go to latest Published: Jan 17, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/giantswarm/legacycerts

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func IsInvalidConfig(err error) bool
func IsSecretsRetrievalFailed(err error) bool
func ValidComponent(el ClusterComponent, components []ClusterComponent) bool
type AssetsBundle
type AssetsBundleKey
type ClusterComponent
- func (c ClusterComponent) String() string
type CompactTLSAssets
type Searcher
type Service
- func NewService(config ServiceConfig) (*Service, error)
- func (s *Service) SearchCerts(clusterID string) (AssetsBundle, error)
- func (s *Service) SearchCertsForComponent(clusterID, componentName string) (AssetsBundle, error)
type ServiceConfig
- func DefaultServiceConfig() ServiceConfig
type TLSAssetType
- func (t TLSAssetType) String() string

Constants ¶

View Source

const (
	// ComponentLabel is the label used in the secret to identify a cluster
	// component.
	ComponentLabel string = "clusterComponent"
	// ClusterIDLabel is the label used in the secret to identify a cluster.
	ClusterIDLabel string = "clusterID"
)

These constants are used when filtering the secrets, to only retrieve the ones we are interested in.

View Source

const (
	// WatchTimeOut is the time to wait on watches against the Kubernetes API
	// before giving up and throwing an error.
	WatchTimeOut = 90 * time.Second
)

Variables ¶

View Source

var ClusterComponents = []ClusterComponent{
	APIComponent,
	CalicoComponent,
	EtcdComponent,
	ServiceAccountComponent,
	WorkerComponent,
}

ClusterComponents is a slice enumerating all the components that make up the cluster.

TODO add FlanneldComponent as soon as all guest clusters have Flanneld certificates.

View Source

var ClusterOperatorComponents = []ClusterComponent{
	ClusterOperatorAPIComponent,
}

ClusterOperatorComponents is a slice enumerating all the components that are used by cluster-operator.

View Source

var DrainingComponents = []ClusterComponent{
	NodeOperatorComponent,
}

View Source

var MonitoringComponents = []ClusterComponent{
	PrometheusComponent,
	KubeStateMetricsComponent,
}

MonitoringComponents is a slice enumerating all the components that make up monitoring.

View Source

var TLSAssetTypes = []TLSAssetType{CA, Crt, Key}

TLSAssetTypes is a slice enumerating all the TLS assets we need to boot the cluster.

Functions ¶

func IsInvalidConfig ¶

func IsInvalidConfig(err error) bool

IsInvalidConfig asserts invalidConfigError.

func IsSecretsRetrievalFailed ¶

func IsSecretsRetrievalFailed(err error) bool

IsSecretsRetrievalFailed asserts secretsRetrievalFailedError.

func ValidComponent ¶

func ValidComponent(el ClusterComponent, components []ClusterComponent) bool

ValidComponent looks for el among the components.

Types ¶

type AssetsBundle ¶

type AssetsBundle map[AssetsBundleKey][]byte

AssetsBundle is a structure that contains all the assets for all the components.

type AssetsBundleKey ¶

type AssetsBundleKey struct {
	Component ClusterComponent
	Type      TLSAssetType
}

AssetsBundleKey is a struct key for an AssetsBundle cfr. https://blog.golang.org/go-maps-in-action

type ClusterComponent ¶

type ClusterComponent string

ClusterComponent represents the individual component of a k8s cluster, e.g. the API server, or etcd These are used when getting a secret from the k8s API, to identify the component the secret belongs to.

const (
	// APIComponent is the API server component.
	APIComponent ClusterComponent = "api"
	// CalicoComponent is the calico component.
	CalicoComponent ClusterComponent = "calico"
	// ClusterOperatorAPIComponent is the cluster-operator api component.
	ClusterOperatorAPIComponent ClusterComponent = "cluster-operator-api"
	// EtcdComponent is the etcd cluster component.
	EtcdComponent ClusterComponent = "etcd"
	// FlanneldComponent is the flanneld cluster component.
	FlanneldComponent ClusterComponent = "flanneld"
	// KubeStateMetricsComponent is the kube-state-metrics component.
	KubeStateMetricsComponent ClusterComponent = "kube-state-metrics"
	// NodeOperatorComponent is the prometheus component.
	NodeOperatorComponent ClusterComponent = "node-operator"
	// PrometheusComponent is the prometheus component.
	PrometheusComponent ClusterComponent = "prometheus"
	// ServiceAccountComponent is the service-account component.
	ServiceAccountComponent ClusterComponent = "service-account"
	// WorkerComponent is a worker component.
	WorkerComponent ClusterComponent = "worker"
)

These constants are used to match different components of the cluster when parsing a secret received from the API.

func (ClusterComponent) String ¶

func (c ClusterComponent) String() string

type CompactTLSAssets ¶

type CompactTLSAssets struct {
	APIServerCA       string
	APIServerKey      string
	APIServerCrt      string
	WorkerCA          string
	WorkerKey         string
	WorkerCrt         string
	ServiceAccountCA  string
	ServiceAccountKey string
	ServiceAccountCrt string
	CalicoClientCA    string
	CalicoClientKey   string
	CalicoClientCrt   string
	EtcdServerCA      string
	EtcdServerKey     string
	EtcdServerCrt     string
}

CompactTLSAssets is a struct used by operators to store stringified TLS assets.

type Searcher ¶

type Searcher interface {
	SearchCerts(clusterID string) (AssetsBundle, error)
}

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

Service implements the certificate TPR service.

func NewService ¶

func NewService(config ServiceConfig) (*Service, error)

NewService creates a new configured certificate TPR service.

func (*Service) SearchCerts ¶

func (s *Service) SearchCerts(clusterID string) (AssetsBundle, error)

SearchCerts watches for all secrets of a cluster and returns it as assets bundle.

func (*Service) SearchCertsForComponent ¶

func (s *Service) SearchCertsForComponent(clusterID, componentName string) (AssetsBundle, error)

SearchCertsForComponent watches for secrets of a single cluster component and returns it as assets bundle.

type ServiceConfig ¶

type ServiceConfig struct {
	// Dependencies.
	K8sClient kubernetes.Interface
	Logger    micrologger.Logger
}

ServiceConfig represents the configuration used to create a certificate TPR service.

func DefaultServiceConfig ¶

func DefaultServiceConfig() ServiceConfig

DefaultServiceConfig provides a default configuration to create a new certificate TPR service by best effort.

type TLSAssetType ¶

type TLSAssetType string

TLSAssetType represents the type of TLS asset, e.g. a CA certificate, or a certificate key These are used when getting a secret from the k8s API, to identify the specific type of TLS asset that is contained in the secret.

const (
	// CA is the key for the CA certificate.
	CA TLSAssetType = "ca"
	// Crt is the key for the certificate.
	Crt TLSAssetType = "crt"
	// Key is the key for the key.
	Key TLSAssetType = "key"
)

These constants are used to match each asset in the secret.

func (TLSAssetType) String ¶

func (t TLSAssetType) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
legacytest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL