Documentation ¶
Overview ¶
Package kubenav implements the Go bindings for kubenav. We decided to use Go in some parts of the apps, because Flutter / Dart doesn't have a good alternative for the implemented functions.
Index ¶
- func AWSGetClusters(accessKeyID, secretKey, region, sessionToken, roleArn string) (string, error)
- func AWSGetSSOAccounts(ssoRegion, ssoClientID, ssoClientSecret, ssoDeviceCode string) (string, error)
- func AWSGetSSOConfig(ssoRegion, startURL string) (string, error)
- func AWSGetSSOToken(...) (string, error)
- func AWSGetToken(accessKeyID, secretKey, region, sessionToken, roleArn, clusterID string) (string, error)
- func AzureGetClusters(subscriptionID, tenantID, clientID, clientSecret string, isAdmin bool) (string, error)
- func CreateJSONPatch(source, target string) (string, error)
- func HelmGetRelease(clusterServer, clusterCertificateAuthorityData string, ...) (string, error)
- func HelmListReleaseHistory(clusterServer, clusterCertificateAuthorityData string, ...) (string, error)
- func HelmListReleases(clusterServer, clusterCertificateAuthorityData string, ...) (string, error)
- func HelmRollbackRelease(clusterServer, clusterCertificateAuthorityData string, ...) error
- func KubernetesGetLogs(clusterServer, clusterCertificateAuthorityData string, ...) (string, error)
- func KubernetesRequest(clusterServer, clusterCertificateAuthorityData string, ...) (string, error)
- func KubernetesStartServer()
- func OIDCDeviceAuth(discoveryURL, clientID, certificateAuthority, scopes string) (string, error)
- func OIDCDeviceAuthGetRefreshToken(discoveryURL, clientID, certificateAuthority, scopes, deviceCode string, ...) (string, error)
- func OIDCGetAccessToken(discoveryURL, clientID, clientSecret, certificateAuthority, scopes, ... string, ...) (string, error)
- func OIDCGetLink(discoveryURL, clientID, clientSecret, certificateAuthority, scopes, ... string) (string, error)
- func OIDCGetRefreshToken(discoveryURL, clientID, clientSecret, certificateAuthority, scopes, ... string, ...) (string, error)
- func PrettifyYAML(jsonStr string) (string, error)
- func PrometheusGetData(clusterServer, clusterCertificateAuthorityData string, ...) (string, error)
- type AWSSSOAccount
- type AWSSSOConfig
- type AWSSSOCredentials
- type AzureCluster
- type OIDCResponse
- type RollbackOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AWSGetClusters ¶
AWSGetClusters returns all clusters which can be accessed with the given credentials.
func AWSGetSSOAccounts ¶
func AWSGetSSOAccounts(ssoRegion, ssoClientID, ssoClientSecret, ssoDeviceCode string) (string, error)
AWSGetSSOAccounts returns a list of accounts and roles for the currently authenticated user, so that a user does not have to provide these information by his own.
func AWSGetSSOConfig ¶
AWSGetSSOConfig registers a new AWS SSO client and starts the device authentication. The client and device authentication is returned, so that we can use the information in the following steps of the SSO flow.
func AWSGetSSOToken ¶
func AWSGetSSOToken(accountID, roleName, ssoRegion, ssoClientID, ssoClientSecret, ssoDeviceCode, accessToken string, accessTokenExpire int64) (string, error)
AWSGetSSOToken is used to request a new token with the client and device information from the former step in the sso flow. The retrieved access token is then used to get the credentials for AWS.
func AWSGetToken ¶
func AWSGetToken(accessKeyID, secretKey, region, sessionToken, roleArn, clusterID string) (string, error)
AWSGetToken returns a token, which can be used to access the Kubernetes API of a cluster with the given clusterID. See: https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/7547c74e660f8d34d9980f2c69aa008eed1f48d0/pkg/token/token.go#L310
func AzureGetClusters ¶
func AzureGetClusters(subscriptionID, tenantID, clientID, clientSecret string, isAdmin bool) (string, error)
AzureGetClusters returns all clusters wich are available with the provided Azure credentials, the returned JSON encoded string contains all the clusters with there name and kubeconfig.
func CreateJSONPatch ¶
CreateJSONPatch creates a path for two given json strings. This is needed when a user edits a resource, where the source argument is the manifest of the current resource and the target is the edited manifest. The returned patch can then be send to the Kubernetes API to edit the resource.
func HelmGetRelease ¶
func HelmGetRelease(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, namespace, name string, version int64) (string, error)
HelmGetRelease returns a single of Helm release. The Helm release is identified by it's namespace, name and version. If an error occures during the process the error is returned.
func HelmListReleaseHistory ¶
func HelmListReleaseHistory(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, namespace, name string) (string, error)
HelmListReleaseHistory returns the History of a release. The Helm release is identified by it's namespace and name. If an error occures during the process the error is returned.
func HelmListReleases ¶
func HelmListReleases(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, namespace string) (string, error)
HelmListReleases returns a list of Helm releases for the given cluster and namespace. If an error occures during the process the error is returned.
func HelmRollbackRelease ¶
func HelmRollbackRelease(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, namespace, name string, version int64, options string) error
HelmRollbackRelease rolls back a Helm release. The Helm release is identified by it's namespace and name. The Helm release is rolled back to the provided version. If an error occures during the process the error is returned.
func KubernetesGetLogs ¶
func KubernetesGetLogs(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, names, namespace, container string, since int64, filter string, previous bool) (string, error)
KubernetesGetLogs returns the logs for a list of pods. The names of the Pods are provided via the "names" parameter, which must be a comma separated list of the Pod names. To use this function a user must also provide the namespace, container, since and previous parameter.
func KubernetesRequest ¶
func KubernetesRequest(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, requestMethod, requestURL, requestBody string) (string, error)
KubernetesRequest is used to execute a request against a Kubernetes API. The Kubernetes API server and it's ca are specified via the "clusterServer" and "clusterCertificateAuthorityData" arguments. To skip the tls verification the request can set the "clusterInsecureSkipTLSVerify" argument to true. To handle the authentication against the API server the "user*" arguments can be used. The "requestMethod", "requestURL" and "requestBody" arguments are then used for the actually request. E.g. to get all Pods from the Kubernetes API the method "GET" and the URL "/api/v1/pods" can be used.
func KubernetesStartServer ¶
func KubernetesStartServer()
KubernetesStartServer starts an Go server which listens on "14122". The server is responsible for providing the port forwarding and Pod exec feature for kubenav.
func OIDCDeviceAuth ¶
func OIDCGetAccessToken ¶
func OIDCGetAccessToken(discoveryURL, clientID, clientSecret, certificateAuthority, scopes, redirectURL, refreshToken string, useAccessToken bool) (string, error)
OIDCGetAccessToken is used to retrieve an access token from a refresh token.
func OIDCGetLink ¶
func OIDCGetLink(discoveryURL, clientID, clientSecret, certificateAuthority, scopes, redirectURL, pkceMethod string) (string, error)
OIDCGetLink returns the link for the configured OIDC provider. The Link can then be used by the user to login.
func OIDCGetRefreshToken ¶
func OIDCGetRefreshToken(discoveryURL, clientID, clientSecret, certificateAuthority, scopes, redirectURL, pkceMethod, code, verifier string, useAccessToken bool) (string, error)
OIDCGetRefreshToken returns a refresh token for the configured OIDC provider. The refresh token can be used to get a new access token via the OIDCGetAccessToken function.
func PrettifyYAML ¶
PrettifyYAML takes a json string as argument and returns a prettified yaml string. For that we have to unmarshal the json string into a map[string]interface{} which we can then marshal to the prettified yaml string.
func PrometheusGetData ¶
func PrometheusGetData(clusterServer, clusterCertificateAuthorityData string, clusterInsecureSkipTLSVerify bool, userClientCertificateData, userClientKeyData, userToken, userUsername, userPassword, proxy string, timeout int64, request string) (string, error)
PrometheusGetData can be used to run a list multiple PromQL queries against a Prometheus instance.
Types ¶
type AWSSSOAccount ¶
type AWSSSOAccount struct { AccountID string `json:"accountId"` AccountName string `json:"accountName"` Roles []string `json:"roles"` AccessToken string `json:"accessToken"` AccessTokenExpire int64 `json:"accessTokenExpire"` }
AWSSSOAccount represents a single AWS SSO account with it's name and id and all the available roles for an authenticated user. It also contains the access token and expire timestamp which was generated to get the account, so that they can be used to get the sso credentials in a follow up API call.
type AWSSSOConfig ¶
type AWSSSOConfig struct { Client ssooidc.RegisterClientOutput `json:"client"` Device ssooidc.StartDeviceAuthorizationOutput `json:"device"` }
AWSSSOConfig is the structure of the returned data from the AWS SSO config call. It contains the client and the registered device, which can be used to continue with the sso flow.
type AWSSSOCredentials ¶
type AWSSSOCredentials struct { AccessKeyID string `json:"accessKeyId"` SecretAccessKey string `json:"secretAccessKey"` SessionToken string `json:"sessionToken"` Expire int64 `json:"expire"` Region string `json:"region"` SSORegion string `json:"ssoRegion"` StartURL string `json:"startURL"` AccountID string `json:"accountID"` RoleName string `json:"roleName"` AccessToken string `json:"accessToken"` AccessTokenExpire int64 `json:"accessTokenExpire"` }
AWSSSOCredentials is the structure of the AWS credentials generated via AWS SSO.
type AzureCluster ¶
type AzureCluster struct { Name string `json:"name"` Kubeconfig interface{} `json:"kubeconfig"` }
AzureCluster represents a single Azure cluster, with it's name and kubeconfig.
type OIDCResponse ¶
type OIDCResponse struct { URL string `json:"url"` IDToken string `json:"idToken"` RefreshToken string `json:"refreshToken"` Verifier string `json:"verifier"` }
OIDCResponse is the structure of a response for one of the OIDC methods.
type RollbackOptions ¶
type RollbackOptions struct { CleanupOnFail bool `json:"cleanupOnFail"` DryRun bool `json:"dryRun"` Force bool `json:"force"` MaxHistory int `json:"maxHistory"` DisableHooks bool `json:"disableHooks"` Recreate bool `json:"recreate"` Timeout int64 `json:"timeout"` Wait bool `json:"wait"` WaitForJobs bool `json:"waitForJobs"` }