Documentation ¶
Index ¶
- Constants
- func CASecretName(clusterName string) string
- func KubeconfigSecretName(clusterName string) string
- type Client
- type HookRegistrar
- type Installer
- func (i *Installer) CreateAndInstallAWSIAMAuthCASecret(ctx context.Context, managementCluster *types.Cluster, clusterName string) error
- func (i *Installer) InstallAWSIAMAuth(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
- func (i *Installer) UpgradeAWSIAMAuth(ctx context.Context, cluster *types.Cluster, spec *cluster.Spec) error
- type KubernetesClient
- type RetrierClient
- func (c RetrierClient) Apply(ctx context.Context, cluster *types.Cluster, data []byte) error
- func (c RetrierClient) GetAPIServerURL(ctx context.Context, cluster *types.Cluster) (string, error)
- func (c RetrierClient) GetClusterCACert(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)
- type RetrierClientOpt
- type TemplateBuilder
- func (t *TemplateBuilder) GenerateCertKeyPairSecret(certgen crypto.CertificateGenerator, managementClusterName string) ([]byte, error)
- func (t *TemplateBuilder) GenerateKubeconfig(clusterSpec *cluster.Spec, clusterID uuid.UUID, serverURL, tlsCert string) ([]byte, error)
- func (t *TemplateBuilder) GenerateManifest(clusterSpec *cluster.Spec, clusterID uuid.UUID) ([]byte, error)
Constants ¶
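// Names of the Kubernetes objects used by the AWS IAM Authenticator.
//
// The declaration was collapsed onto a single line, so the first "//" comment
// swallowed both constants; it is restored here with one declaration per line.
const (
	// AwsIamAuthConfigMapName is the name of the AWS IAM Authenticator configuration.
	AwsIamAuthConfigMapName = "aws-iam-authenticator"

	// AwsAuthConfigMapName is the name of the IAM roles and users mapping for
	// the AWS IAM Authenticator.
	//
	// NOTE(review): this mapping presumably decides which IAM identities are
	// accepted by the cluster, so write access to the object carrying this
	// name should be limited to cluster administrators. Confirm against the
	// RBAC shipped with the manifests.
	AwsAuthConfigMapName = "aws-auth"
)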
Variables ¶
This section is empty.
Functions ¶
func CASecretName ¶ added in v0.13.0
CASecretName returns the name of the AWS IAM Authenticator secret containing the CA for the cluster.
func KubeconfigSecretName ¶ added in v0.13.0
KubeconfigSecretName returns the name of the AWS IAM Authenticator kubeconfig secret for the cluster.
Types ¶
type Client ¶ added in v0.15.2
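// Client is a Kubernetes client.
//
// The method set was collapsed onto a single line without separators, which
// is not valid Go; it is restored here with one method per line.
type Client interface {
	// ApplyKubeSpecFromBytes takes the target cluster and a raw byte payload.
	// NOTE(review): presumably data is a Kubernetes manifest that is applied
	// to cluster as-is; confirm that callers only pass manifests they
	// generated themselves.
	ApplyKubeSpecFromBytes(ctx context.Context, cluster *types.Cluster, data []byte) error

	// GetApiServerUrl returns a string and an error for the given cluster.
	// NOTE(review): presumably the string is the cluster's API server URL.
	GetApiServerUrl(ctx context.Context, cluster *types.Cluster) (string, error)

	// GetObject takes a resource type, name, namespace and kubeconfig, and a
	// runtime.Object to operate on.
	// NOTE(review): presumably kubeconfig is a file path and obj is filled in
	// with the fetched object; confirm against the implementation.
	GetObject(ctx context.Context, resourceType string, name string, namespace string, kubeconfig string, obj runtime.Object) error
}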
Client is a Kubernetes client.
type HookRegistrar ¶ added in v0.13.0
type HookRegistrar struct { *Installer // contains filtered or unexported fields }
HookRegistrar is responsible for binding AWS IAM Auth hooks to workflows so that the AWS IAM Authenticator can be installed.
func NewHookRegistrar ¶ added in v0.13.0
func NewHookRegistrar(installer *Installer, spec *cluster.Spec) HookRegistrar
NewHookRegistrar creates a HookRegistrar instance.
func (HookRegistrar) RegisterCreateManagementClusterHooks ¶ added in v0.13.0
func (r HookRegistrar) RegisterCreateManagementClusterHooks(binder workflow.HookBinder)
type Installer ¶ added in v0.13.0
type Installer struct {
// contains filtered or unexported fields
}
Installer provides the necessary behavior for installing the AWS IAM Authenticator.
func NewInstaller ¶ added in v0.13.0
func NewInstaller( certgen crypto.CertificateGenerator, clusterID uuid.UUID, k8s KubernetesClient, writer filewriter.FileWriter, ) *Installer
NewInstaller creates a new installer instance.
func (*Installer) CreateAndInstallAWSIAMAuthCASecret ¶ added in v0.13.0
func (i *Installer) CreateAndInstallAWSIAMAuthCASecret(ctx context.Context, managementCluster *types.Cluster, clusterName string) error
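CreateAndInstallAWSIAMAuthCASecret creates a Kubernetes Secret in the management cluster containing a self-signed certificate and key for the cluster identified by clusterName. Because the Secret holds the key alongside the certificate, read access to it should be limited to the components that need it.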
func (*Installer) InstallAWSIAMAuth ¶ added in v0.13.0
func (i *Installer) InstallAWSIAMAuth( ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec, ) error
InstallAWSIAMAuth installs AWS IAM Authenticator deployment manifests into the workload cluster. It also writes a Kubeconfig to disk so that kubectl can access the cluster using AWS IAM Authentication.
type KubernetesClient ¶ added in v0.13.0
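// KubernetesClient provides Kubernetes API access.
//
// The method set was collapsed onto a single line without separators, which
// is not valid Go; it is restored here with one method per line.
type KubernetesClient interface {
	// Apply takes the target cluster and a raw byte payload.
	// NOTE(review): presumably data is a rendered manifest applied to
	// cluster; confirm against the implementation.
	Apply(ctx context.Context, cluster *types.Cluster, data []byte) error

	// GetAPIServerURL returns a string and an error for the given cluster.
	// NOTE(review): presumably the string is the cluster's API server URL.
	GetAPIServerURL(ctx context.Context, cluster *types.Cluster) (string, error)

	// GetClusterCACert returns bytes and an error for the cluster identified
	// by clusterName.
	// NOTE(review): presumably the bytes are the CA certificate only; confirm
	// that no private key material is returned alongside it.
	GetClusterCACert(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)
}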
KubernetesClient provides Kubernetes API access.
type RetrierClient ¶ added in v0.15.2
type RetrierClient struct {
// contains filtered or unexported fields
}
RetrierClient wraps basic Kubernetes API operations in a retrier.
func NewRetrierClient ¶ added in v0.15.2
func NewRetrierClient(client Client, opts ...RetrierClientOpt) RetrierClient
NewRetrierClient constructs a new RetrierClient.
func (RetrierClient) GetAPIServerURL ¶ added in v0.15.2
GetAPIServerURL gets the API server URL from the Kubernetes config.
func (RetrierClient) GetClusterCACert ¶ added in v0.15.2
func (c RetrierClient) GetClusterCACert(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)
GetClusterCACert gets the CA certificate for a cluster from a secret.
type RetrierClientOpt ¶ added in v0.15.2
type RetrierClientOpt func(*RetrierClient)
RetrierClientOpt allows customizing a RetrierClient on construction.
func RetrierClientRetrier ¶ added in v0.15.2
func RetrierClientRetrier(retrier retrier.Retrier) RetrierClientOpt
RetrierClientRetrier allows using a custom retrier.
type TemplateBuilder ¶ added in v0.13.0
type TemplateBuilder struct{}
TemplateBuilder generates manifest files from templates.
func (*TemplateBuilder) GenerateCertKeyPairSecret ¶ added in v0.13.0
func (t *TemplateBuilder) GenerateCertKeyPairSecret(certgen crypto.CertificateGenerator, managementClusterName string) ([]byte, error)
GenerateCertKeyPairSecret generates a YAML Kubernetes Secret for deploying the AWS IAM Authenticator.
func (*TemplateBuilder) GenerateKubeconfig ¶ added in v0.13.0
func (t *TemplateBuilder) GenerateKubeconfig(clusterSpec *cluster.Spec, clusterID uuid.UUID, serverURL, tlsCert string) ([]byte, error)
GenerateKubeconfig generates a Kubeconfig in yaml format to authenticate with AWS IAM Authenticator.
func (*TemplateBuilder) GenerateManifest ¶ added in v0.13.0
func (t *TemplateBuilder) GenerateManifest(clusterSpec *cluster.Spec, clusterID uuid.UUID) ([]byte, error)
GenerateManifest generates a YAML Kubernetes manifest for deploying the AWS IAM Authenticator.