Documentation
¶
Index ¶
- Constants
- Variables
- func GetClientsetFromClusterConfig(config *rest.Config) (*kubernetes.Clientset, error)
- func GetClusterClientConfig() (*rest.Config, error)
- func GetClusterClientset() (*kubernetes.Clientset, error)
- func GetLogInstance() logr.Logger
- func GetRESTClient() (*rest.RESTClient, error)
- func SetLogInstance(l logr.Logger)
- type FileModType
- type KeyAdvertisingType
- type KeyAssociation
- type KeyAssociationInfo
- type KeyAssociationMap
- type KeyAssociationSha1Map
- type KeyAssociationSha256Map
- type KeyAssociationShaMap
- type KeyObtainInfo
- type KeyRotateInfo
- type KeySelectiveMap
- type SHAType
- type TangServerReconciler
- func (r *TangServerReconciler) CreateNewKeysIfNecessary(k KeyObtainInfo) bool
- func (r *TangServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *TangServerReconciler) SetupWithManager(mgr ctrl.Manager) error
- func (r *TangServerReconciler) UpdateKeys(k KeyObtainInfo)
Constants ¶
const ( DEFAULT_DEPLOYMENT_PREFIX = "tangdeployment-" DEFAULT_REPLICA_AMOUNT = 1 DEFAULT_DEPLOYMENT_TYPE = "Deployment" )
Constants to use
const ( DEFAULT_SERVICE_PORT = 7500 DEFAULT_SERVICE_TYPE = "Service" DEFAULT_API_VERSION = "v1" DEFAULT_SERVICE_PREFIX = "service-" DEFAULT_SERVICE_PROTO = "http" )
constants to use
const DEFAULT_APP_IMAGE = "registry.redhat.io/rhel9/tang"
const DEFAULT_APP_VERSION = "latest"
const DEFAULT_DEPLOYMENT_HEALTH_CHECK = "/usr/bin/tangd-health-check"
const DEFAULT_DEPLOYMENT_KEY_PATH = "/var/db/tang"
const DEFAULT_LIVENESS_INITIALDELAYSECONDS = 27
const DEFAULT_LIVENESS_PERIOD_SECONDS = 16
const DEFAULT_LIVENESS_TIMEOUT_SECONDS = 5
const DEFAULT_POD_RUNNING_PORT = 8080
const DEFAULT_READY_INITIALDELAYSECONDS = 5
const DEFAULT_READY_PERIOD_SECONDS = 15
const DEFAULT_READY_TIMEOUT_SECONDS = 5
const DEFAULT_RECONCILE_TIMER_NO_ACTIVE_KEYS = 5 // seconds
Default recheck of keys when no active keys exit
const DEFAULT_TANGSERVER_NAME = "tangserver"
const DEFAULT_TANGSERVER_PVC_NAME = "tangserver-pvc"
const DEFAULT_TANGSERVER_SECRET = "tangserversecret"
const DEFAULT_TANG_FINALIZER = "finalizer.daemons.tangserver.redhat.com"
Finalizer for tang server
const KEY_STATUS_FILE_NAME = "key_status.txt"
Variables ¶
var FORBIDDEN_PATH_MAP = map[string]string{
".": "FORBIDDEN",
"..": "FORBIDDEN",
"lost+found": "FORBIDDEN",
}
Functions ¶
func GetClientsetFromClusterConfig ¶
func GetClientsetFromClusterConfig(config *rest.Config) (*kubernetes.Clientset, error)
GetClientsetFromClusterConfig takes REST config and Create a clientset based on that and return that clientset
func GetClusterClientConfig ¶
GetClusterClientConfig first tries to get a config object which uses the service account kubernetes gives to pods, if it is called from a process running in a kubernetes environment. Otherwise, it tries to build config from a default kubeconfig filepath if it fails, it fallback to the default config. Once it get the config, it returns the same.
func GetClusterClientset ¶
func GetClusterClientset() (*kubernetes.Clientset, error)
GetClusterClientset first tries to get a config object which uses the service account kubernetes gives to pods, if it is called from a process running in a kubernetes environment. Otherwise, it tries to build config from a default kubeconfig filepath if it fails, it fallback to the default config. Once it get the config, it creates a new Clientset for the given config and returns the clientset.
func GetLogInstance ¶ added in v0.0.28
func GetRESTClient ¶
func GetRESTClient() (*rest.RESTClient, error)
GetRESTClient first tries to get a config object which uses the service account kubernetes gives to pods, if it is called from a process running in a kubernetes environment. Otherwise, it tries to build config from a default kubeconfig filepath if it fails, it fallback to the default config. Once it get the config, it
func SetLogInstance ¶ added in v0.0.28
Types ¶
type FileModType ¶
type FileModType uint8
const ( UNKNOWN_MOD FileModType = iota CREATION MODIFICATION )
type KeyAdvertisingType ¶
type KeyAdvertisingType uint8
const ( UNKNOWN_ADVERTISED KeyAdvertisingType = iota ALL_KEYS ONLY_ADVERTISED ONLY_UNADVERTISED )
type KeyAssociation ¶ added in v0.0.23
type KeyAssociationInfo ¶ added in v0.0.23
type KeyAssociationInfo struct {
KeyInfo *KeyObtainInfo
KeyAssoc KeyAssociation
}
type KeyAssociationMap ¶ added in v0.0.23
type KeyAssociationMap struct {
KeyStatusSha1Map KeyAssociationSha1Map `json:"sha1"`
KeyStatusSha256Map KeyAssociationSha256Map `json:"sha256"`
}
type KeyAssociationSha1Map ¶ added in v0.0.23
type KeyAssociationSha1Map map[string]KeyAssociation
type KeyAssociationSha256Map ¶ added in v0.0.23
type KeyAssociationSha256Map map[string]KeyAssociation
type KeyAssociationShaMap ¶ added in v0.0.23
type KeyAssociationShaMap map[string]KeyAssociation
type KeyObtainInfo ¶
type KeyObtainInfo struct {
PodName string
Namespace string
DbPath string
TangServer *daemonsv1alpha1.TangServer
}
type KeyRotateInfo ¶
type KeyRotateInfo struct {
KeyInfo *KeyObtainInfo
KeyFileName string
}
type KeySelectiveMap ¶ added in v0.0.23
type TangServerReconciler ¶
type TangServerReconciler struct {
client.Client
Scheme *runtime.Scheme
Recorder record.EventRecorder
}
TangServerReconciler reconciles a TangServer object
func (*TangServerReconciler) CreateNewKeysIfNecessary ¶
func (r *TangServerReconciler) CreateNewKeysIfNecessary(k KeyObtainInfo) bool
CreateNewKeysIfNecessary creates new keys if spec mandates so
func (*TangServerReconciler) Reconcile ¶
func (r *TangServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO(user): Modify the Reconcile function to compare the state specified by the TangServer object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user.
For more details, check Reconcile and its Result here: - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.8.3/pkg/reconcile +kubebuilder:rbac:groups=apps.redhat,resources=tangservers,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=apps.redhat,resources=tangservers/status,verbs=get;update;patch
func (*TangServerReconciler) SetupWithManager ¶
func (r *TangServerReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
func (*TangServerReconciler) UpdateKeys ¶
func (r *TangServerReconciler) UpdateKeys(k KeyObtainInfo)
UpdateKeys updates keys in the CR status
Source Files
¶
- tangserver_controller.go
- tangserver_controller_client.go
- tangserver_controller_deployment.go
- tangserver_controller_imageinfo.go
- tangserver_controller_keyhandler.go
- tangserver_controller_keystatus.go
- tangserver_controller_log.go
- tangserver_controller_pod.go
- tangserver_controller_podfile.go
- tangserver_controller_probe.go
- tangserver_controller_service.go