Documentation
Index
- Variables
- func GcpInit(ctx context.Context, mds *meshauth.MeshAuth, acct string) error
- func InitDefaultTokenSource(ctx context.Context) func(context.Context, string) (string, error)
- func ProjectLabels(ctx context.Context, p string) (map[string]string, error)
- func ProjectNumber(p string) string
- func RegionFromMetadata() (string, error)
- type GCP
- type GCPAuthProvider
- type GKE
- func (kr *GKE) DefaultsFromEnvAndMD(ctx context.Context) error
- func (kr *GKE) FindClusters(ctx context.Context, configProjectId string, location string) ([]*GKECluster, error)
- func (kr *GKE) FindHubClusters(ctx context.Context, configProjectId string) ([]*GKECluster, error)
- func (kr *GKE) GKECluster(ctx context.Context, p, l, clusterName string) (*GKECluster, error)
- func (kr *GKE) InitGKE(ctx context.Context) error
- func (kr *GKE) PickCluster(ctx context.Context, cll []*GKECluster) error
- func (gke *GKE) TrustDomain() string
- func (kr *GKE) UsableSubnetworks(ctx context.Context)
- type GKECluster
Constants
This section is empty.
Variables
var (
	GCPInitTime time.Duration
)
Functions
func GcpInit
GcpInit will detect google credentials or MDS, and init the MDS struct accordingly.
- projectId will be populated based on credentials
- an access token source will be populated ("gcp")
DefaultTokenSource will:
- check GOOGLE_APPLICATION_CREDENTIALS - should be downloaded service account, can produce JWTs
- ~/.config/gcloud/application_default_credentials.json
- use metadata
This also works for K8S, using node MDS or GKE MDS, but only if the ServiceAccount is annotated with a GSA (with permissions to use it). Also specific to GKE and GCP APIs.
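The lookup order above decides which identity a process runs as, so it is worth being able to check it on a host. The following is an added example, not code from this package: `ResolveCredSource` and `CredSource` are hypothetical names, and treating an unreadable `GOOGLE_APPLICATION_CREDENTIALS` file as an error instead of falling through is this example's choice.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)
// CredSource says which credential the documented lookup order selects.
type CredSource struct {
	Origin string // "env-file", "gcloud-adc" or "metadata"
	Path   string // empty for "metadata"
	Type   string // "type" field of the JSON file, e.g. "service_account"
}

// ResolveCredSource (hypothetical helper): env variable, gcloud ADC file, metadata.
func ResolveCredSource(getenv func(string) string, readFile func(string) ([]byte, error), home string) (CredSource, error) {
	candidates := []CredSource{
		{Origin: "env-file", Path: getenv("GOOGLE_APPLICATION_CREDENTIALS")},
		{Origin: "gcloud-adc", Path: filepath.Join(home, ".config", "gcloud", "application_default_credentials.json")},
	}
	for _, c := range candidates {
		if c.Path == "" {
			continue // variable not set
		}
		data, err := readFile(c.Path)
		if errors.Is(err, os.ErrNotExist) && c.Origin != "env-file" {
			continue // no gcloud login on this machine: fall through to metadata
		}
		if err != nil {
			// Fail closed: a silent fallback would run under a different identity.
			return CredSource{}, fmt.Errorf("%s %q: %w", c.Origin, c.Path, err)
		}
		var f struct{ Type string } // matches the JSON "type" key
		if err := json.Unmarshal(data, &f); err != nil || f.Type == "" {
			return CredSource{}, fmt.Errorf("%s %q: not a credentials file", c.Origin, c.Path)
		}
		c.Type = f.Type
		return c, nil
	}
	return CredSource{Origin: "metadata"}, nil
}

func main() {
	home, _ := os.UserHomeDir()
	fmt.Println(ResolveCredSource(os.Getenv, os.ReadFile, home))
}
```

A `Type` of `service_account` is the downloaded key file that can sign JWTs; `authorized_user` is a gcloud user login.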
func InitDefaultTokenSource
Creates a token source for access tokens, based on GOOGLE_APPLICATION_CREDENTIALS or MDS. This only returns access tokens if the default credentials are for a google account. Best to use the fake MDS.
func ProjectNumber
func RegionFromMetadata
Types
type GCP
type GCP struct {
	// Current project ID - tokens are associated with this project
	ProjectId string

	// Can be a region (Cloudrun, K8S) or zone (for VMs, K8S)
	Location string

	// For Cloudrun - instanceid. For VM - hostname. For K8S - pod (without suffix)
	InstanceID string
}
Info about the current user's GCP account and instance.
type GCPAuthProvider
type GCPAuthProvider struct {
	// Returns access tokens for a user or service account (via default credentials)
	// or federated access tokens.
	AccessTokenSource oauth2.TokenSource

	// GSA to get tokens for.
	GSA string
}
GCPAuthProvider returns access or JWT tokens for a google account.
type GKE
type GKE struct {
	// Current project ID - tokens are associated with this project
	ProjectId string

	// Required for using hub
	ProjectNumber string

	// Project where GKE clusters are located.
	ConfigProjectId string

	// Clusters is populated by UpdateClusters
	Clusters []*GKECluster

	// Active cluster.
	// Set using
	Cluster *GKECluster

	ClusterLocation string

	MeshAddr *url.URL

	ClusterName string

	// For backward compat, POD_NAMESPACE is set as default, followed by "default"
	Namespace string

	// If set, this account will be used by exchanging current google account tokens
	// with this K8S account
	KSA string

	// --------------- old ----------------
	GSA string

	InCluster bool
	Debug bool

	Client *kubernetes.Clientset
}
TODO: finish hub.
func (*GKE) DefaultsFromEnvAndMD
DefaultsFromEnvAndMD will attempt to configure ProjectId, ClusterName, ClusterLocation and ProjectNumber, used on GCP. The metadata server will be tried if env variables don't exist.
func (*GKE) FindClusters
func (kr *GKE) FindClusters(ctx context.Context, configProjectId string, location string) ([]*GKECluster, error)
Updates the list of clusters in the config project.
Requires container.clusters.list
func (*GKE) FindHubClusters
Find clusters in the hub, using connect gateway. Note the 2400 qpm (40 QPS) per project limit - may be best to use a local replica.
- roles/gkehub.viewer to list
- roles/gkehub.gatewayReader for read
- roles/gkehub.gatewayEditor for write
func (*GKE) GKECluster
func (*GKE) InitGKE
InitGKE will use MDS and env variables to initialize, then connect to GKE to get the list of available clusters or the explicitly configured cluster.
It will populate the rest.Config for the cluster if K8S env variable is set.
Will load all clusters otherwise, and select one:
-
func (*GKE) PickCluster
func (kr *GKE) PickCluster(ctx context.Context, cll []*GKECluster) error
InitGKE loads GCP-specific metadata and discovers the config cluster. This step is skipped if the user has explicit configuration for the required settings:
Namespace, ProjectId, ProjectNumber, ClusterName, ClusterLocation
func (*GKE) TrustDomain
Trust domain for the mesh - based on the config cluster.
func (*GKE) UsableSubnetworks
type GKECluster
type GKECluster struct {
	// mangled name
	FullName string

	ClusterName     string
	ClusterLocation string
	ProjectId       string

	GKECluster *containerpb.Cluster
	// contains filtered or unexported fields
}
GKECluster wraps cluster information for a discovered hub or gke cluster.
func (*GKECluster) Name
func (gke *GKECluster) Name() string
func (*GKECluster) RestConfig
func (gke *GKECluster) RestConfig() *rest.Config
Returns a rest config for the cluster. Similar to the 'in cluster config' - but using MDS auth.