kubernetes

package
v0.0.0-...-5c79d48 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package kubernetes implements the Kubernetes Secret backend used for persisting identity and state for agents running in Kubernetes clusters.


Constants

const (

	// NamespaceEnv is the env variable defined by the Helm chart that contains the
	// namespace value.
	NamespaceEnv = "KUBE_NAMESPACE"
	// ReleaseNameEnv is the env variable defined by the Helm chart that contains the
	// release name value.
	ReleaseNameEnv = "RELEASE_NAME"
)


Functions

func InKubeCluster

func InKubeCluster() bool

InKubeCluster determines whether the agent is running inside a Kubernetes cluster and has access to the service account token and cluster CA. It also validates the presence of the `KUBE_NAMESPACE` and `TELEPORT_REPLICA_NAME` environment variables, which are used to generate the secret name.

Types

type Backend

type Backend struct {
	Config
	// contains filtered or unexported fields
}

Backend implements a subset of the Teleport backend API, backed by a Kubernetes Secret resource and storing backend items as entries in the secret's 'data' map.

func New

func New() (*Backend, error)

New returns a new instance of Kubernetes Secret identity backend storage.

func NewShared

func NewShared() (*Backend, error)

NewShared returns a new instance of the Kubernetes shared secret store. It is equivalent to New() except that this backend can be written to by any Teleport agent within the Helm release. It is used for propagating relevant state to controllers.

func NewSharedWithClient

func NewSharedWithClient(restClient kubernetes.Interface) (*Backend, error)

NewSharedWithClient returns a new instance of the shared Kubernetes secret store with the provided client. It is equivalent to NewWithClient() except that this backend can be written to by any Teleport agent within the Helm release. It is used for propagating relevant state to controllers.

func NewWithClient

func NewWithClient(restClient kubernetes.Interface) (*Backend, error)

NewWithClient returns a new instance of Kubernetes Secret identity backend storage with the provided client.

func NewWithConfig

func NewWithConfig(conf Config) (*Backend, error)

NewWithConfig returns a new instance of Kubernetes Secret identity backend storage with the provided config.

func (*Backend) Create

func (b *Backend) Create(ctx context.Context, i backend.Item) (*backend.Lease, error)

Create creates the item.

func (*Backend) Exists

func (b *Backend) Exists(ctx context.Context) bool

Exists checks whether the secret already exists in Kubernetes. It is used to detect an agent that has never created a secret and may be upgrading from a local SQLite database. In that case, the agent reads the local database and creates a copy of the keys in the Kubernetes Secret.

func (*Backend) Get

func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error)

Get reads the secret and extracts the key from it. If the secret does not exist or the key is not found, it returns trace.NotFound; otherwise it returns the underlying error.

func (*Backend) GetName

func (b *Backend) GetName() string

func (*Backend) Put

func (b *Backend) Put(ctx context.Context, i backend.Item) (*backend.Lease, error)

Put writes the value into the backend, creating the item if it does not exist and updating it otherwise.

type Config

type Config struct {
	// Namespace is the Agent's namespace
	// Field is required
	Namespace string
	// SecretName is the name of the kubernetes secret resource that backs this store. Conventionally
	// this will be set to '<replica-name>-state' for per-agent secret store, and '<release-name>-shared-state'
	// for the shared release-level store.
	// Field is required
	SecretName string
	// FieldManager is the name used to identify the "owner" of fields within
	// the store. This is the replica name in the per-agent state store, and
	// helm release name (or 'teleport') in the shared store.
	// Field is required.
	FieldManager string
	// ReleaseName is the Helm release name
	// Field is optional
	ReleaseName string
	// KubeClient is the Kubernetes rest client
	// Field is required
	KubeClient kubernetes.Interface
}

Config represents the backend's configuration section.

func (Config) Check

func (c Config) Check() error
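
Because the agent's identity is persisted in Secrets named by the Config.SecretName convention, it is worth checking that the Role bound to the agent's service account reaches only those Secrets. The following is an added example, not part of this package or the project's code: a standalone audit over a Role's JSON. The function name AuditRole, the sample Role and the placeholder name "agent" are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: a Role as printed by `kubectl get role -o json`, trimmed
// to its rules. "agent" is a placeholder replica and release name.
const sampleRole = `{"rules":[
 {"apiGroups":[""],"resources":["secrets"],"verbs":["create"]},
 {"apiGroups":[""],"resources":["secrets"],"verbs":["get","update","patch"],"resourceNames":["agent-0-state","agent-shared-state"]},
 {"apiGroups":[""],"resources":["secrets"],"verbs":["get","list"]}]}`

func has(list []string, want string) bool {
	for _, v := range list {
		if v == want || v == "*" { // "*" is the RBAC wildcard
			return true
		}
	}
	return false
}

// AuditRole lists rules that reach Secrets other than those in allowed.
// RBAC cannot limit "create" by resourceNames, so a create-only rule passes.
func AuditRole(roleJSON []byte, allowed ...string) ([]string, error) {
	var role struct{ Rules []struct{ APIGroups, Resources, ResourceNames, Verbs []string } }
	if err := json.Unmarshal(roleJSON, &role); err != nil {
		return nil, err
	}
	var findings []string
	for i, r := range role.Rules {
		if !has(r.APIGroups, "") || !has(r.Resources, "secrets") {
			continue // rule does not touch core-group Secrets
		}
		if len(r.ResourceNames) == 0 && !(len(r.Verbs) == 1 && r.Verbs[0] == "create") {
			findings = append(findings, fmt.Sprintf("rule %d: %v on every Secret in the namespace", i, r.Verbs))
		}
		for _, n := range r.ResourceNames {
			if !has(allowed, n) {
				findings = append(findings, fmt.Sprintf("rule %d: unexpected Secret %q", i, n))
			}
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(AuditRole([]byte(sampleRole), "agent-0-state", "agent-shared-state"))
}
```

On the sample, only the third rule is reported, since it grants get and list on every Secret in the namespace rather than on the two named state Secrets.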
