certs

package
v3.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 17, 2021 License: Apache-2.0 Imports: 12 Imported by: 29

Documentation

Index

Constants

// DefaultWatchTimeout bounds how long a watch against the Kubernetes API may
// block before the caller gives up and reports an error.
const DefaultWatchTimeout = 3 * time.Second
const (
	// SecretNamespace is the namespace in which secrets are watched.
	//
	// NOTE(review): metav1.NamespaceAll selects every namespace, so the
	// credentials behind the Kubernetes client presumably need cluster-wide
	// permission to watch secrets. Confirm that the RBAC grant is limited to
	// the verbs the searcher actually needs.
	SecretNamespace = metav1.NamespaceAll
)

Variables

AllCerts lists all certificates that can be created by cert-operator.

Functions

func IsInvalidConfig

func IsInvalidConfig(err error) bool

func IsInvalidSecret

func IsInvalidSecret(err error) bool

func IsTimeout

func IsTimeout(err error) bool

func IsWrongType

func IsWrongType(err error) bool

func K8sLabels

func K8sLabels(cluster string, certificate Cert) map[string]string

K8sLabels returns the labels for the Kubernetes object that belongs to the given certificate name and guest cluster ID.

func K8sName

func K8sName(cluster string, certificate Cert) string

K8sName returns the Kubernetes object name for the given certificate name and guest cluster ID.

Types

type AppOperator

// AppOperator is the result type of SearchAppOperator.
type AppOperator struct {
	// APIServer is one TLS bundle (CA, Crt, Key). Because it includes Key,
	// treat the whole value as sensitive.
	APIServer TLS
}

type Cert

type Cert string

Cert refers to a component we generate a certificate for.

// Component identifiers of type Cert. A value from this list is what callers
// pass as the cert argument of SearchTLS, K8sName and K8sLabels.
const (
	APICert                  Cert = "api"
	AppOperatorAPICert       Cert = "app-operator-api"
	AWSOperatorAPICert       Cert = "aws-operator-api"
	CalicoEtcdClientCert     Cert = "calico-etcd-client"
	ClusterOperatorAPICert   Cert = "cluster-operator-api"
	EtcdCert                 Cert = "etcd"
	Etcd1Cert                Cert = "etcd1"
	Etcd2Cert                Cert = "etcd2"
	Etcd3Cert                Cert = "etcd3"
	FlanneldEtcdClientCert   Cert = "flanneld-etcd-client"
	InternalAPICert          Cert = "internal-api"
	NodeOperatorCert         Cert = "node-operator"
	PrometheusCert           Cert = "prometheus"
	PrometheusEtcdClientCert Cert = "prometheus-etcd-client"
	ServiceAccountCert       Cert = "service-account"
	WorkerCert               Cert = "worker"
)

These constants are used as components identifying the purpose of generated certificates.

func (Cert) String

func (c Cert) String() string

type ClusterOperator

// ClusterOperator is the result type of SearchClusterOperator.
type ClusterOperator struct {
	// APIServer is one TLS bundle (CA, Crt, Key). Because it includes Key,
	// treat the whole value as sensitive.
	APIServer TLS
}

type Config

// Config carries the dependencies and settings passed to NewSearcher.
type Config struct {
	// K8sClient is the Kubernetes client.
	// NOTE(review): secrets are watched in SecretNamespace (all namespaces),
	// so this client's credentials presumably need permission to watch
	// secrets cluster-wide. Confirm, and scope the grant as tightly as possible.
	K8sClient kubernetes.Interface
	// Logger is the logger.
	// NOTE(review): search results carry Key bytes; verify that no log call
	// ever receives a TLS value or a secret's data.
	Logger    micrologger.Logger

	// WatchTimeout is a watch time limit. It presumably falls back to
	// DefaultWatchTimeout when left at zero; TODO confirm in NewSearcher.
	WatchTimeout time.Duration
}

type Draining

// Draining is the result type of SearchDraining.
type Draining struct {
	// NodeOperator is one TLS bundle (CA, Crt, Key). Because it includes Key,
	// treat the whole value as sensitive.
	NodeOperator TLS
}

type File

// File pairs a path with a byte payload. The NewFiles* functions each take a
// TLS value and return a slice of File.
type File struct {
	// AbsolutePath is presumably the destination path of the file; TODO
	// confirm against the NewFiles* implementations.
	AbsolutePath string
	// Data is the file content.
	// NOTE(review): since the input is a TLS value, some entries presumably
	// hold private key bytes; whatever writes these files should use
	// owner-only permissions. Confirm in the consumer.
	Data         []byte
}

func NewFilesAPI

func NewFilesAPI(cert TLS) []File

func NewFilesCalicoEtcdClient

func NewFilesCalicoEtcdClient(cert TLS) []File

func NewFilesEtcd

func NewFilesEtcd(cert TLS) []File

func NewFilesPrometheusEtcdClient added in v3.1.0

func NewFilesPrometheusEtcdClient(cert TLS) []File

func NewFilesServiceAccount

func NewFilesServiceAccount(cert TLS) []File

func NewFilesWorker

func NewFilesWorker(cert TLS) []File

type Interface

// Interface describes lookups of TLS assets held in Kubernetes secrets, keyed
// by cluster ID. Every method returns a value built from TLS, which includes a
// Key field, so results should be treated as sensitive.
type Interface interface {
	// SearchAppOperator searches for secrets containing TLS certs
	// for the managed catalogue service.
	SearchAppOperator(ctx context.Context, clusterID string) (AppOperator, error)
	// SearchClusterOperator searches for secrets containing TLS certs for
	// connecting to guest clusters.
	SearchClusterOperator(ctx context.Context, clusterID string) (ClusterOperator, error)
	// SearchDraining searches for secrets containing TLS certs for
	// draining nodes in guest clusters.
	SearchDraining(ctx context.Context, clusterID string) (Draining, error)
	// SearchMonitoring searches for secrets containing TLS certs for
	// monitoring guest clusters.
	SearchMonitoring(ctx context.Context, clusterID string) (Monitoring, error)
	// SearchTLS provides a dedicated way to look up a single TLS asset for one
	// specific purpose, selected by cert. This might be used for e.g. granting
	// guest cluster access within operators.
	SearchTLS(ctx context.Context, clusterID string, cert Cert) (TLS, error)
}

type Monitoring

// Monitoring is the result type of SearchMonitoring. Both fields include Key
// bytes, so treat the whole value as sensitive.
type Monitoring struct {
	// KubeStateMetrics is one TLS bundle (CA, Crt, Key).
	KubeStateMetrics TLS
	// Prometheus is one TLS bundle (CA, Crt, Key).
	Prometheus       TLS
}

type Searcher

// Searcher is created by NewSearcher from a Config. The methods listed on
// *Searcher match every method of Interface.
type Searcher struct {
	// contains filtered or unexported fields
}

func NewSearcher

func NewSearcher(config Config) (*Searcher, error)

func (*Searcher) SearchAppOperator

func (s *Searcher) SearchAppOperator(ctx context.Context, clusterID string) (AppOperator, error)

func (*Searcher) SearchClusterOperator

func (s *Searcher) SearchClusterOperator(ctx context.Context, clusterID string) (ClusterOperator, error)

func (*Searcher) SearchDraining

func (s *Searcher) SearchDraining(ctx context.Context, clusterID string) (Draining, error)

func (*Searcher) SearchMonitoring

func (s *Searcher) SearchMonitoring(ctx context.Context, clusterID string) (Monitoring, error)

func (*Searcher) SearchTLS

func (s *Searcher) SearchTLS(ctx context.Context, clusterID string, cert Cert) (TLS, error)

type TLS

// TLS groups the three byte slices that make up one TLS asset. The encoding
// of the slices is not visible here.
type TLS struct {
	// CA is presumably the certificate authority certificate; confirm.
	CA []byte
	// Crt is presumably the issued certificate; confirm.
	Crt []byte
	// Key is presumably the private key matching Crt. Treat it as secret:
	// keep it out of logs, error messages and serialised debug output.
	Key []byte
}
