kubernetes

package
v11.3.3
Warning

This package is not in the latest version of its module.

Published: Dec 13, 2022 | License: Apache-2.0 | Imports: 13 | Imported by: 0

Documentation

Overview

Package kubernetes implements the Kubernetes Secret backend used for persisting identity and state for agents running in Kubernetes clusters.

Constants

This section is empty.

Variables

This section is empty.

Functions

func InKubeCluster

func InKubeCluster() bool

InKubeCluster determines if the agent is running inside a Kubernetes cluster and has access to a service account token and the cluster CA. It also validates the presence of the `KUBE_NAMESPACE` and `TELEPORT_REPLICA_NAME` environment variables, which are used to generate the secret name.
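The preconditions listed above can be checked ahead of a deployment to see why an agent would not select this backend. The following is an added example, not code from this package: `missingPrereqs` is a hypothetical helper, and the directory and the file names `token` and `ca.crt` assume the standard Kubernetes service account mount.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// saDir is the standard in-pod service account mount (assumed, not taken from this package).
const saDir = "/var/run/secrets/kubernetes.io/serviceaccount"

// missingPrereqs is a hypothetical helper. It reports which of the
// preconditions named in the InKubeCluster description are absent:
// a non-empty token file, a non-empty cluster CA file, and the
// KUBE_NAMESPACE and TELEPORT_REPLICA_NAME environment variables.
func missingPrereqs(dir string, getenv func(string) string) []string {
	var missing []string
	for _, name := range []string{"token", "ca.crt"} {
		// os.Stat follows symlinks, which the projected volume uses.
		st, err := os.Stat(filepath.Join(dir, name))
		if err != nil || st.IsDir() || st.Size() == 0 {
			missing = append(missing, "file:"+name)
		}
	}
	for _, env := range []string{"KUBE_NAMESPACE", "TELEPORT_REPLICA_NAME"} {
		if getenv(env) == "" {
			missing = append(missing, "env:"+env)
		}
	}
	return missing
}

func main() {
	if m := missingPrereqs(saDir, os.Getenv); len(m) > 0 {
		fmt.Println("Kubernetes Secret backend prerequisites missing:", m)
		return
	}
	fmt.Println("all prerequisites present")
}
```

An empty result means every precondition is met; each entry otherwise names the file or variable to fix in the pod spec.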

Types

type Backend

type Backend struct {
	Config
	// contains filtered or unexported fields
}

Backend uses Kubernetes Secrets to store identities.

func New

func New() (*Backend, error)

New returns a new instance of Kubernetes Secret identity backend storage.

func NewWithClient

func NewWithClient(restClient kubernetes.Interface) (*Backend, error)

NewWithClient returns a new instance of Kubernetes Secret identity backend storage with the provided client.

func NewWithConfig

func NewWithConfig(conf Config) (*Backend, error)

NewWithConfig returns a new instance of Kubernetes Secret identity backend storage with the provided config.

func (*Backend) Create

func (b *Backend) Create(ctx context.Context, i backend.Item) (*backend.Lease, error)

Create creates an item.

func (*Backend) Exists

func (b *Backend) Exists(ctx context.Context) bool

Exists checks if the secret already exists in Kubernetes. It is used to detect an agent that has never created a secret and might be upgrading from a local SQLite database. In that case, the agent reads the local database and creates a copy of the keys in the Kubernetes Secret.

func (*Backend) Get

func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error)

Get reads the secret and extracts the key from it. If the secret does not exist or the key is not found, it returns trace.NotFound; otherwise it returns the underlying error.

func (*Backend) Put

func (b *Backend) Put(ctx context.Context, i backend.Item) (*backend.Lease, error)

Put puts a value into the backend (creates it if it does not exist, updates it otherwise).

func (*Backend) PutRange

func (b *Backend) PutRange(ctx context.Context, items []backend.Item) error

PutRange receives multiple items and upserts them into the Kubernetes Secret. This function is only used when the Agent's Secret does not exist, but the local SQLite database has identity credentials. TODO(tigrato): remove this once the compatibility layer between local storage and Kube secret storage is no longer required!

type Config

type Config struct {
	// Namespace is the Agent's namespace
	// Field is required
	Namespace string
	// SecretName is unique secret per agent where state and identity will be stored.
	// Field is required
	SecretName string
	// ReplicaName is the Agent's pod name
	// Field is required
	ReplicaName string
	// ReleaseName is the Helm release name
	// Field is optional
	ReleaseName string
	// KubeClient is the Kubernetes rest client
	// Field is required
	KubeClient kubernetes.Interface
}

Config structure represents the configuration section.

func (Config) Check

func (c Config) Check() error
