awsiamauth

package
v0.21.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 21, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// AwsIamAuthConfigMapName is the name under which the AWS IAM Authenticator
// configuration is stored.
const AwsIamAuthConfigMapName = "aws-iam-authenticator"

// AwsAuthConfigMapName is the name of the object holding the IAM roles and
// users mapping consumed by AWS IAM Authenticator.
// NOTE(review): this mapping presumably decides which IAM identities can
// authenticate to the cluster, so write access to it should be limited —
// confirm against the RBAC rules shipped with the manifests.
const AwsAuthConfigMapName = "aws-auth"

Variables

This section is empty.

Functions

func CASecretName added in v0.13.0

func CASecretName(clusterName string) string

CASecretName returns the name of the AWS IAM Authenticator secret containing the CA for the cluster.

func KubeconfigSecretName added in v0.13.0

func KubeconfigSecretName(clusterName string) string

KubeconfigSecretName returns the name of the AWS IAM Authenticator kubeconfig secret for the cluster.

Types

type Client added in v0.15.2

// Client is the Kubernetes client abstraction this package depends on.
type Client interface {
	// ApplyKubeSpecFromBytes submits data against cluster.
	// NOTE(review): presumably data is a serialized manifest — confirm with the implementation.
	ApplyKubeSpecFromBytes(ctx context.Context, cluster *types.Cluster, data []byte) error

	// GetApiServerUrl returns a string for cluster; by its name, the API server URL.
	GetApiServerUrl(ctx context.Context, cluster *types.Cluster) (string, error)

	// GetObject fills obj with the object selected by resourceType, name and
	// namespace, using the given kubeconfig.
	// NOTE(review): whether kubeconfig is a file path or inline content is not
	// visible here — confirm before passing caller-controlled values.
	GetObject(ctx context.Context, resourceType, name, namespace, kubeconfig string, obj runtime.Object) error
}

Client is a Kubernetes client.

type HookRegistrar added in v0.13.0

type HookRegistrar struct {
	// Embedding *Installer promotes Installer's exported methods (for example
	// InstallAWSIAMAuth and CreateAndInstallAWSIAMAuthCASecret) onto
	// HookRegistrar, so any holder of a HookRegistrar can call them directly.
	// NOTE(review): a nil *Installer would make those promoted calls fail at
	// runtime; whether NewHookRegistrar guards against nil is not visible here.
	*Installer
	// contains filtered or unexported fields
}

HookRegistrar is responsible for binding AWS IAM Auth hooks to workflows so that AWS IAM Auth can be installed.

func NewHookRegistrar added in v0.13.0

func NewHookRegistrar(installer *Installer, spec *cluster.Spec) HookRegistrar

NewHookRegistrar creates a HookRegistrar instance.

func (HookRegistrar) RegisterCreateManagementClusterHooks added in v0.13.0

func (r HookRegistrar) RegisterCreateManagementClusterHooks(binder workflow.HookBinder)

type Installer added in v0.13.0

type Installer struct {
	// contains filtered or unexported fields
}

Installer provides the necessary behavior for installing the AWS IAM Authenticator.

func NewInstaller added in v0.13.0

func NewInstaller(
	certgen crypto.CertificateGenerator,
	clusterID uuid.UUID,
	k8s KubernetesClient,
	writer filewriter.FileWriter,
	kubeconfigWriter kubeconfig.Writer,
) *Installer

NewInstaller creates a new installer instance.

func (*Installer) CreateAndInstallAWSIAMAuthCASecret added in v0.13.0

func (i *Installer) CreateAndInstallAWSIAMAuthCASecret(ctx context.Context, managementCluster *types.Cluster, clusterName string) error

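CreateAndInstallAWSIAMAuthCASecret creates a Kubernetes Secret in managementCluster containing a self-signed certificate and key for the cluster identified by clusterName. Because the Secret holds key material, read access to it should be limited to the components that need it.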

func (*Installer) GenerateKubeconfig added in v0.19.0

func (i *Installer) GenerateKubeconfig(
	ctx context.Context,
	management, workload *types.Cluster,
	spec *cluster.Spec,
) error

GenerateKubeconfig generates the AWS IAM auth kubeconfig.

func (*Installer) GenerateManagementAWSIAMKubeconfig added in v0.19.0

func (i *Installer) GenerateManagementAWSIAMKubeconfig(
	ctx context.Context,
	cluster *types.Cluster,
) error

GenerateManagementAWSIAMKubeconfig generates the AWS IAM auth kubeconfig.

func (*Installer) InstallAWSIAMAuth added in v0.13.0

func (i *Installer) InstallAWSIAMAuth(
	ctx context.Context,
	management, workload *types.Cluster,
	spec *cluster.Spec,
) error

InstallAWSIAMAuth installs AWS IAM Authenticator deployment manifests into the workload cluster. It writes a Kubeconfig to disk for kubectl access using AWS IAM Authentication.

func (*Installer) UpgradeAWSIAMAuth added in v0.13.0

func (i *Installer) UpgradeAWSIAMAuth(ctx context.Context, cluster *types.Cluster, spec *cluster.Spec) error

UpgradeAWSIAMAuth upgrades an AWS IAM Authenticator deployment in cluster.

type KubernetesClient added in v0.13.0

type KubernetesClient interface {
	// Apply submits data against cluster. RetrierClient's method of the same
	// name is documented as creating/updating the data objects for a cluster.
	Apply(ctx context.Context, cluster *types.Cluster, data []byte) error
	// GetAPIServerURL returns the API server URL for cluster.
	GetAPIServerURL(ctx context.Context, cluster *types.Cluster) (string, error)
	// GetClusterCACert returns the CA certificate bytes for clusterName.
	// RetrierClient's method of the same name is documented as reading it from a secret.
	GetClusterCACert(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)
	// GetAWSIAMKubeconfigSecretValue returns the AWS IAM kubeconfig bytes for
	// clusterName. RetrierClient's method of the same name is documented as
	// reading it from a secret.
	// NOTE(review): the returned bytes come from a Secret, so callers should
	// avoid logging them — confirm what the kubeconfig actually embeds.
	GetAWSIAMKubeconfigSecretValue(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)
}

KubernetesClient provides Kubernetes API access.

type RetrierClient added in v0.15.2

type RetrierClient struct {
	// contains filtered or unexported fields
}

RetrierClient wraps basic Kubernetes API operations with a retrier.

func NewRetrierClient added in v0.15.2

func NewRetrierClient(client Client, opts ...RetrierClientOpt) RetrierClient

NewRetrierClient constructs a new RetrierClient.

func (RetrierClient) Apply added in v0.15.2

func (c RetrierClient) Apply(ctx context.Context, cluster *types.Cluster, data []byte) error

Apply creates/updates the data objects for a cluster.

func (RetrierClient) GetAPIServerURL added in v0.15.2

func (c RetrierClient) GetAPIServerURL(ctx context.Context, cluster *types.Cluster) (string, error)

GetAPIServerURL gets the API server URL from the K8s config.

func (RetrierClient) GetAWSIAMKubeconfigSecretValue added in v0.19.0

func (c RetrierClient) GetAWSIAMKubeconfigSecretValue(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)

GetAWSIAMKubeconfigSecretValue gets the AWS IAM kubeconfig value for a cluster from a secret.

func (RetrierClient) GetClusterCACert added in v0.15.2

func (c RetrierClient) GetClusterCACert(ctx context.Context, cluster *types.Cluster, clusterName string) ([]byte, error)

GetClusterCACert gets the CA certificate for a cluster from a secret.

type RetrierClientOpt added in v0.15.2

type RetrierClientOpt func(*RetrierClient)

RetrierClientOpt allows customizing a RetrierClient on construction.

func RetrierClientRetrier added in v0.15.2

func RetrierClientRetrier(retrier retrier.Retrier) RetrierClientOpt

RetrierClientRetrier allows using a custom retrier.

type TemplateBuilder added in v0.13.0

type TemplateBuilder struct{}

TemplateBuilder generates manifest files from templates.

func (*TemplateBuilder) GenerateCertKeyPairSecret added in v0.13.0

func (t *TemplateBuilder) GenerateCertKeyPairSecret(certgen crypto.CertificateGenerator, managementClusterName string) ([]byte, error)

GenerateCertKeyPairSecret generates a YAML Kubernetes Secret for deploying the AWS IAM Authenticator.

func (*TemplateBuilder) GenerateKubeconfig added in v0.13.0

func (t *TemplateBuilder) GenerateKubeconfig(clusterSpec *cluster.Spec, clusterID uuid.UUID, serverURL, tlsCert string) ([]byte, error)

GenerateKubeconfig generates a Kubeconfig in yaml format to authenticate with AWS IAM Authenticator.

func (*TemplateBuilder) GenerateManifest added in v0.13.0

func (t *TemplateBuilder) GenerateManifest(clusterSpec *cluster.Spec, clusterID uuid.UUID) ([]byte, error)

GenerateManifest generates a YAML Kubernetes manifest for deploying the AWS IAM Authenticator.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
mocks
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
