cke

Version: v1.12.0
Published: Jan 24, 2019 License: MIT Imports: 40 Imported by: 0

README

Cybozu Kubernetes Engine

CKE (Cybozu Kubernetes Engine) is a distributed service that automates Kubernetes cluster management.

Project Status: Most features are implemented.

Requirements

CKE requirements
Node OS Requirements
  • Docker

    Data in Docker volumes must persist between reboots.

  • A user who belongs to docker group

  • SSH access for the user

Features

  • Bootstrapping and life-cycle management.

    CKE can bootstrap a Kubernetes and etcd cluster from scratch. CKE can also add or remove nodes to/from the Kubernetes and etcd cluster.

  • Managed etcd cluster

    CKE manages an etcd cluster for Kubernetes. Other applications may also store their data in the same etcd cluster. Backups of etcd data are automatically taken by CKE.

    Details are described in docs/etcd.md.

  • Cluster features:

    • HA control plane.
    • RBAC.
    • CNI network plugins.
    • CoreDNS add-on.
    • Node-local DNS cache services.
    • Nodes can be registered with Taints.
  • Sabakan integration

    CKE can be integrated with sabakan, a service that automates physical server management, to generate cluster configuration automatically.

    Sabakan is not a requirement; cluster configuration can be supplied externally by a YAML file.

  • High availability

    CKE stores its configurations in etcd to share them among multiple instances. Etcd is also used to elect a leader instance that exclusively controls the Kubernetes cluster.

  • Operation logs

    To track problems and life-cycle events, CKE keeps operation logs in etcd.

Programs

This repository contains these programs:

  • cke: the service.
  • ckecli: CLI tool for cke.

To see their usage, run them with the -h option.

Documentation

The docs directory contains tutorials and specifications.

License

CKE is licensed under the MIT license.

Documentation

Constants

const (
	PropagationShared   = BindPropagation("shared")
	PropagationSlave    = BindPropagation("slave")
	PropagationPrivate  = BindPropagation("private")
	PropagationRShared  = BindPropagation("rshared")
	PropagationRSlave   = BindPropagation("rslave")
	PropagationRPrivate = BindPropagation("rprivate")
)

Bind propagation definitions

const (
	LabelShared  = SELinuxLabel("z")
	LabelPrivate = SELinuxLabel("Z")
)

SELinux Label definitions

const (
	EtcdImage      = Image("quay.io/cybozu/etcd:3.3.9-4")
	ToolsImage     = Image("quay.io/cybozu/cke-tools:1.3.0-1")
	HyperkubeImage = Image("quay.io/cybozu/hyperkube:1.12.3-2")
	PauseImage     = Image("quay.io/cybozu/pause:3.1-2")
	CoreDNSImage   = Image("quay.io/cybozu/coredns:1.2.5-1")
	UnboundImage   = Image("quay.io/cybozu/unbound:1.8.1-2")
)

Container image definitions

const (
	CAServer     = "cke/ca-server"
	CAEtcdPeer   = "cke/ca-etcd-peer"
	CAEtcdClient = "cke/ca-etcd-client"
	CAKubernetes = "cke/ca-kubernetes"
)

CA Keys in Vault

const (
	StatusNew       = RecordStatus("new")
	StatusRunning   = RecordStatus("running")
	StatusCancelled = RecordStatus("cancelled")
	StatusCompleted = RecordStatus("completed")
)

Record statuses

const (
	KeyCA                    = "ca/"
	KeyCluster               = "cluster"
	KeyClusterRevision       = "cluster-revision"
	KeyConstraints           = "constraints"
	KeyLeader                = "leader/"
	KeyRecords               = "records/"
	KeyRecordID              = "records"
	KeySabakanQueryVariables = "sabakan/query-variables"
	KeySabakanTemplate       = "sabakan/template"
	KeySabakanURL            = "sabakan/url"
	KeyServiceAccountCert    = "service-account/certificate"
	KeyServiceAccountKey     = "service-account/key"
	KeyVault                 = "vault"
)

etcd keys and prefixes

const CKESecret = "cke/secrets"

CKESecret is the path of key-value secret engine for CKE.

const (
	// DefaultRunTimeout is the timeout value for Agent.Run().
	DefaultRunTimeout = 10 * time.Minute
)

const SSHSecret = CKESecret + "/ssh"

SSHSecret is the path of SSH private keys in Vault.

const Version = "1.12.0"

Version represents current cke version

Variables

var (
	// ErrNotFound may be returned by Storage methods when a key is not found.
	ErrNotFound = errors.New("not found")
	// ErrNoLeader is returned when the session lost leadership.
	ErrNoLeader = errors.New("lost leadership")
)

Functions

func AddUserRole

func AddUserRole(ctx context.Context, cli *clientv3.Client, name, prefix string) error

AddUserRole creates an etcd user and role.

func AdminKubeconfig

func AdminKubeconfig(cluster, ca, clientCrt, clientKey, server string) *api.Config

AdminKubeconfig makes kubeconfig for admin user

func AllImages

func AllImages() []string

AllImages returns the list of container images used by CKE.

func ConnectVault

func ConnectVault(ctx context.Context, data []byte) error

ConnectVault unmarshals data to get a VaultConfig and calls VaultClient with it. It then starts renewing the login token for the long-running process.

func GetUserRoles

func GetUserRoles(ctx context.Context, cli *clientv3.Client, user string) ([]string, error)

GetUserRoles gets the roles of the target user.

func IssueEtcdClientCertificate

func IssueEtcdClientCertificate(inf Infrastructure, username, ttl string) (cert, key string, err error)

IssueEtcdClientCertificate issues TLS client certificate for a user.

func Kubeconfig

func Kubeconfig(cluster, user, ca, clientCrt, clientKey string) *api.Config

Kubeconfig creates *api.Config that will be rendered as "kubeconfig" file.

func NewEtcdConfig

func NewEtcdConfig() *etcdutil.Config

NewEtcdConfig creates Config with default prefix.

func VaultClient

func VaultClient(cfg *VaultConfig) (*vault.Client, *vault.Secret, error)

VaultClient creates a Vault client. The returned client has already logged in to Vault using the RoleID and SecretID in cfg.

Types

type Agent

type Agent interface {
	// Close closes the underlying connection.
	Close() error

	// Run command on the node.
	// It returns non-nil error if the command takes too long (> DefaultRunTimeout).
	Run(command string) (stdout, stderr []byte, err error)

	// RunWithInput runs the command with input as stdin.
	// It returns non-nil error if the command takes too long (> DefaultRunTimeout).
	RunWithInput(command, input string) error

	// RunWithTimeout runs the command with the given timeout.
	// If timeout is 0, the command will run indefinitely.
	RunWithTimeout(command, input string, timeout time.Duration) (stdout, stderr []byte, err error)
}

Agent is the interface to run commands on a node.

func SSHAgent

func SSHAgent(node *Node, privkey string) (Agent, error)

SSHAgent creates an Agent that communicates over SSH. It returns non-nil error when connection could not be established.

type BindPropagation

type BindPropagation string

BindPropagation is a bind propagation option for Docker. See https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation

func (BindPropagation) String

func (p BindPropagation) String() string

type Cluster

type Cluster struct {
	Name          string     `json:"name"           yaml:"name"`
	Nodes         []*Node    `json:"nodes"          yaml:"nodes"`
	ServiceSubnet string     `json:"service_subnet" yaml:"service_subnet"`
	PodSubnet     string     `json:"pod_subnet"     yaml:"pod_subnet"`
	DNSServers    []string   `json:"dns_servers"    yaml:"dns_servers"`
	DNSService    string     `json:"dns_service"    yaml:"dns_service"`
	EtcdBackup    EtcdBackup `json:"etcd_backup"    yaml:"etcd_backup"`
	Options       Options    `json:"options"        yaml:"options"`
}

Cluster is a set of configurations for an etcd/Kubernetes cluster.

func NewCluster

func NewCluster() *Cluster

NewCluster creates Cluster

func (*Cluster) Validate

func (c *Cluster) Validate() error

Validate validates the cluster definition.

type ClusterDNSStatus

type ClusterDNSStatus struct {
	ServiceAccountExists  bool
	RBACRoleExists        bool
	RBACRoleBindingExists bool
	ConfigMap             *corev1.ConfigMap
	Deployment            *appsv1.Deployment
	ServiceExists         bool
	ClusterDomain         string
	ClusterIP             string
}

ClusterDNSStatus contains cluster resolver status.

type ClusterStatus

type ClusterStatus struct {
	Name         string
	NodeStatuses map[string]*NodeStatus // keys are IP address strings.

	Etcd       EtcdClusterStatus
	Kubernetes KubernetesClusterStatus
}

ClusterStatus represents the working cluster status. The structure reflects Cluster, of course.

type Command

type Command struct {
	Name   string `json:"name"`
	Target string `json:"target"`
	Detail string `json:"detail"`
}

Command represents some command

func (Command) String

func (c Command) String() string

String implements fmt.Stringer

type Commander

type Commander interface {
	// Run executes the command
	Run(ctx context.Context, inf Infrastructure) error
	// Command returns the command information
	Command() Command
}

Commander is a single step to proceed with an operation.

type Constraints

type Constraints struct {
	ControlPlaneCount int `json:"control-plane-count"`
	MinimumWorkers    int `json:"minimum-workers"`
	MaximumWorkers    int `json:"maximum-workers"`
}

Constraints is a set of conditions that a cluster must satisfy

func DefaultConstraints

func DefaultConstraints() *Constraints

DefaultConstraints returns the default constraints

func (*Constraints) Check

func (c *Constraints) Check(cluster *Cluster) error

Check checks that the cluster satisfies the constraints.

type ContainerEngine

type ContainerEngine interface {
	// PullImage pulls an image.
	PullImage(img Image) error
	// Run runs a container as a foreground process.
	Run(img Image, binds []Mount, command string) error
	// RunWithInput runs a container as a foreground process with stdin as a string.
	RunWithInput(img Image, binds []Mount, command, input string) error
	// RunSystem runs the named container as a system service.
	RunSystem(name string, img Image, opts []string, params, extra ServiceParams) error
	// Exists reports whether the named system container exists.
	Exists(name string) (bool, error)
	// Stop stops the named system container.
	Stop(name string) error
	// Kill kills the named system container.
	Kill(name string) error
	// Remove removes the named system container.
	Remove(name string) error
	// Inspect returns ServiceStatus for the named container.
	Inspect(name []string) (map[string]ServiceStatus, error)
	// VolumeCreate creates a local volume.
	VolumeCreate(name string) error
	// VolumeRemove removes a local volume.
	VolumeRemove(name string) error
	// VolumeExists returns true if the named volume exists.
	VolumeExists(name string) (bool, error)
}

ContainerEngine defines interfaces for a container engine.

func Docker

func Docker(agent Agent) ContainerEngine

Docker is an implementation of ContainerEngine.

type EtcdBackup

type EtcdBackup struct {
	Enabled  bool   `json:"enabled"  yaml:"enabled"`
	PVCName  string `json:"pvc_name" yaml:"pvc_name"`
	Schedule string `json:"schedule" yaml:"schedule"`
	Rotate   int    `json:"rotate,omitempty" yaml:"rotate,omitempty"`
}

EtcdBackup is a set of configurations for etcdbackup.

type EtcdBackupStatus

type EtcdBackupStatus struct {
	ConfigMap *corev1.ConfigMap
	CronJob   *batchv1beta1.CronJob
	Pod       *corev1.Pod
	Secret    *corev1.Secret
	Service   *corev1.Service
}

EtcdBackupStatus is the status of etcdbackup

type EtcdCA

type EtcdCA struct{}

EtcdCA is a certificate authority for etcd cluster.

func (EtcdCA) IssueForAPIServer

func (e EtcdCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)

IssueForAPIServer issues a TLS client certificate for Kubernetes.

func (EtcdCA) IssueForBackup

func (e EtcdCA) IssueForBackup(ctx context.Context, inf Infrastructure) (cert, key string, err error)

IssueForBackup issues certificate for etcdbackup.

func (EtcdCA) IssuePeerCert

func (e EtcdCA) IssuePeerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)

IssuePeerCert issues TLS certificates for mutual peer authentication.

func (EtcdCA) IssueRoot

func (e EtcdCA) IssueRoot(ctx context.Context, inf Infrastructure) (cert, key string, err error)

IssueRoot issues certificate for root user.

func (EtcdCA) IssueServerCert

func (e EtcdCA) IssueServerCert(ctx context.Context, inf Infrastructure, node *Node, domain string) (crt, key string, err error)

IssueServerCert issues TLS server certificates.

type EtcdClusterStatus

type EtcdClusterStatus struct {
	IsHealthy     bool
	Members       map[string]*etcdserverpb.Member
	InSyncMembers map[string]bool
}

EtcdClusterStatus is the status of the etcd cluster.

type EtcdParams

type EtcdParams struct {
	ServiceParams `yaml:",inline"`
	VolumeName    string `json:"volume_name" yaml:"volume_name"`
}

EtcdParams is a set of extra parameters for etcd.

type EtcdStatus

type EtcdStatus struct {
	ServiceStatus
	HasData bool
}

EtcdStatus is the status of etcd.

type Image

type Image string

Image is the type of container images.

func (Image) Name

func (i Image) Name() string

Name returns docker image name.

type Infrastructure

type Infrastructure interface {
	Close()
	Agent(addr string) Agent
	Engine(addr string) ContainerEngine
	Vault() (*vault.Client, error)
	Storage() Storage

	NewEtcdClient(ctx context.Context, endpoints []string) (*clientv3.Client, error)
	K8sClient(ctx context.Context, n *Node) (*kubernetes.Clientset, error)
	HTTPClient() *well.HTTPClient
	HTTPSClient(ctx context.Context) (*well.HTTPClient, error)
}

Infrastructure presents an interface for infrastructure on CKE

func NewInfrastructure

func NewInfrastructure(ctx context.Context, c *Cluster, s Storage) (Infrastructure, error)

NewInfrastructure creates a new Infrastructure instance

type IssueResponse

type IssueResponse struct {
	Cert   string `json:"certificate"`
	Key    string `json:"private_key"`
	CACert string `json:"ca_certificate"`
}

IssueResponse is the CLI output format.

type KubeComponentStatus

type KubeComponentStatus struct {
	ServiceStatus
	IsHealthy bool
}

KubeComponentStatus represents service status and endpoint's health

type KubeletParams

type KubeletParams struct {
	ServiceParams `yaml:",inline"`
	Domain        string         `json:"domain"      yaml:"domain"`
	AllowSwap     bool           `json:"allow_swap"  yaml:"allow_swap"`
	BootTaints    []corev1.Taint `json:"boot_taints"   yaml:"boot_taints"`
}

KubeletParams is a set of extra parameters for kubelet.

type KubeletStatus

type KubeletStatus struct {
	ServiceStatus
	IsHealthy bool
	Domain    string
	AllowSwap bool
}

KubeletStatus represents kubelet status and health

type KubernetesCA

type KubernetesCA struct{}

KubernetesCA is a certificate authority for k8s cluster.

func (KubernetesCA) IssueAdminCert

func (k KubernetesCA) IssueAdminCert(ctx context.Context, inf Infrastructure, ttl string) (crt, key string, err error)

IssueAdminCert issues client certificate for cluster admin user.

func (KubernetesCA) IssueForAPIServer

func (k KubernetesCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, n *Node, serviceSubnet, domain string) (crt, key string, err error)

IssueForAPIServer issues TLS certificate for API servers.

func (KubernetesCA) IssueForControllerManager

func (k KubernetesCA) IssueForControllerManager(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForControllerManager issues TLS certificate for kube-controller-manager.

func (KubernetesCA) IssueForKubelet

func (k KubernetesCA) IssueForKubelet(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)

IssueForKubelet issues TLS certificate for kubelet.

func (KubernetesCA) IssueForProxy

func (k KubernetesCA) IssueForProxy(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForProxy issues TLS certificate for kube-proxy.

func (KubernetesCA) IssueForScheduler

func (k KubernetesCA) IssueForScheduler(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForScheduler issues TLS certificate for kube-scheduler.

func (KubernetesCA) IssueForServiceAccount

func (k KubernetesCA) IssueForServiceAccount(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForServiceAccount issues TLS certificate to sign service account tokens.

type KubernetesClusterStatus

type KubernetesClusterStatus struct {
	IsReady               bool
	Nodes                 []corev1.Node
	RBACRoleExists        bool
	RBACRoleBindingExists bool
	DNSService            *corev1.Service
	ClusterDNS            ClusterDNSStatus
	NodeDNS               NodeDNSStatus
	EtcdEndpoints         *corev1.Endpoints
	EtcdBackup            EtcdBackupStatus
}

KubernetesClusterStatus contains kubernetes cluster configurations

type Mount

type Mount struct {
	Source      string          `json:"source"        yaml:"source"`
	Destination string          `json:"destination"   yaml:"destination"`
	ReadOnly    bool            `json:"read_only"     yaml:"read_only"`
	Propagation BindPropagation `json:"propagation"   yaml:"propagation"`
	Label       SELinuxLabel    `json:"selinux_label" yaml:"selinux_label"`
}

Mount is volume mount information

func (Mount) Equal

func (m Mount) Equal(o Mount) bool

Equal returns true if the mount is equal to the other one; otherwise it returns false.

type Node

type Node struct {
	Address      string            `json:"address"       yaml:"address"`
	Hostname     string            `json:"hostname"      yaml:"hostname"`
	User         string            `json:"user"          yaml:"user"`
	ControlPlane bool              `json:"control_plane" yaml:"control_plane"`
	Annotations  map[string]string `json:"annotations"   yaml:"annotations"`
	Labels       map[string]string `json:"labels"        yaml:"labels"`
	Taints       []corev1.Taint    `json:"taints"        yaml:"taints"`
}

Node represents a node in Kubernetes.

func ControlPlanes

func ControlPlanes(nodes []*Node) []*Node

ControlPlanes returns control plane []*Node

func (*Node) Nodename

func (n *Node) Nodename() string

Nodename returns a hostname or address if hostname is empty

type NodeDNSStatus

type NodeDNSStatus struct {
	DaemonSet *appsv1.DaemonSet
	ConfigMap *corev1.ConfigMap
}

NodeDNSStatus contains node local resolver status.

type NodeStatus

type NodeStatus struct {
	Etcd              EtcdStatus
	Rivers            ServiceStatus
	APIServer         KubeComponentStatus
	ControllerManager KubeComponentStatus
	Scheduler         KubeComponentStatus
	Proxy             KubeComponentStatus
	Kubelet           KubeletStatus
	Labels            map[string]string // are labels for k8s Node resource.
}

NodeStatus is the status of a node.

type Operator

type Operator interface {
	// Name returns the operation name.
	Name() string
	// NextCommand returns the next command or nil if completed.
	NextCommand() Commander
}

Operator is the interface for operations

type Options

type Options struct {
	Etcd              EtcdParams    `json:"etcd"                    yaml:"etcd"`
	Rivers            ServiceParams `json:"rivers"                  yaml:"rivers"`
	APIServer         ServiceParams `json:"kube-api"                yaml:"kube-api"`
	ControllerManager ServiceParams `json:"kube-controller-manager" yaml:"kube-controller-manager"`
	Scheduler         ServiceParams `json:"kube-scheduler"          yaml:"kube-scheduler"`
	Proxy             ServiceParams `json:"kube-proxy"              yaml:"kube-proxy"`
	Kubelet           KubeletParams `json:"kubelet"                 yaml:"kubelet"`
}

Options is a set of optional parameters for k8s components.

type Record

type Record struct {
	ID        int64        `json:"id,string"`
	Status    RecordStatus `json:"status"`
	Operation string       `json:"operation"`
	Command   Command      `json:"command"`
	Error     string       `json:"error"`
	StartAt   time.Time    `json:"start-at"`
	EndAt     time.Time    `json:"end-at"`
}

Record represents a record of an operation

func NewRecord

func NewRecord(id int64, op string) *Record

NewRecord creates new `Record`

func (*Record) Cancel

func (r *Record) Cancel()

Cancel cancels the operation

func (*Record) Complete

func (r *Record) Complete()

Complete completes the operation

func (*Record) SetCommand

func (r *Record) SetCommand(c Command)

SetCommand updates the record for the new command

func (*Record) SetError

func (r *Record) SetError(e error)

SetError cancels the operation with error information

type RecordStatus

type RecordStatus string

RecordStatus is status of an operation

type SELinuxLabel

type SELinuxLabel string

SELinuxLabel is the SELinux label of the host file or directory. See https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label

func (SELinuxLabel) String

func (l SELinuxLabel) String() string

type ServiceParams

type ServiceParams struct {
	ExtraArguments []string          `json:"extra_args"  yaml:"extra_args"`
	ExtraBinds     []Mount           `json:"extra_binds" yaml:"extra_binds"`
	ExtraEnvvar    map[string]string `json:"extra_env"   yaml:"extra_env"`
}

ServiceParams is a common set of extra parameters for k8s components.

func (ServiceParams) Equal

func (s ServiceParams) Equal(o ServiceParams) bool

Equal returns true if the service params are equal to the other one; otherwise it returns false.

type ServiceStatus

type ServiceStatus struct {
	Running       bool
	Image         string
	BuiltInParams ServiceParams
	ExtraParams   ServiceParams
}

ServiceStatus represents statuses of a service.

If Running is false, the service is not running on the node. ExtraXX are extra parameters of the running service, if any.

type Storage

type Storage struct {
	*clientv3.Client
}

Storage provides operations to store/retrieve CKE data in etcd.

func (Storage) DeleteSabakanURL

func (s Storage) DeleteSabakanURL(ctx context.Context) error

DeleteSabakanURL deletes URL of sabakan API.

func (Storage) GetCACertificate

func (s Storage) GetCACertificate(ctx context.Context, name string) (string, error)

GetCACertificate loads CA certificate from etcd.

func (Storage) GetCluster

func (s Storage) GetCluster(ctx context.Context) (*Cluster, error)

GetCluster loads *Cluster from etcd. If cluster configuration has not been stored, this returns ErrNotFound.

func (Storage) GetClusterWithRevision

func (s Storage) GetClusterWithRevision(ctx context.Context) (*Cluster, int64, error)

GetClusterWithRevision loads *Cluster from etcd as well as the stored revision number. The revision number was stored with *Cluster by PutClusterWithTemplateRevision().

func (Storage) GetConstraints

func (s Storage) GetConstraints(ctx context.Context) (*Constraints, error)

GetConstraints loads *Constraints from etcd. If constraints have not been stored, this returns ErrNotFound.

func (Storage) GetLeaderHostname

func (s Storage) GetLeaderHostname(ctx context.Context) (string, error)

GetLeaderHostname returns the current leader's host name. It returns non-nil error when there is no leader.

func (Storage) GetRecords

func (s Storage) GetRecords(ctx context.Context, count int64) ([]*Record, error)

GetRecords loads list of *Record from etcd. The returned records are sorted by record ID in decreasing order.

func (Storage) GetSabakanQueryVariables

func (s Storage) GetSabakanQueryVariables(ctx context.Context) ([]byte, error)

GetSabakanQueryVariables gets query variables for Sabakan.

func (Storage) GetSabakanTemplate

func (s Storage) GetSabakanTemplate(ctx context.Context) (*Cluster, int64, error)

GetSabakanTemplate gets template cluster configuration. If a template exists, it will be returned with ModRevision.

func (Storage) GetSabakanURL

func (s Storage) GetSabakanURL(ctx context.Context) (string, error)

GetSabakanURL gets the URL of the sabakan API. The URL must be an absolute URL pointing to the GraphQL endpoint.

func (Storage) GetServiceAccountCert

func (s Storage) GetServiceAccountCert(ctx context.Context) (string, error)

GetServiceAccountCert loads x509 certificate for service account. The format is PEM.

func (Storage) GetServiceAccountKey

func (s Storage) GetServiceAccountKey(ctx context.Context) (string, error)

GetServiceAccountKey loads private key for service account. The format is PEM.

func (Storage) GetVaultConfig

func (s Storage) GetVaultConfig(ctx context.Context) (*VaultConfig, error)

GetVaultConfig loads *VaultConfig from etcd.

func (Storage) NextRecordID

func (s Storage) NextRecordID(ctx context.Context) (int64, error)

NextRecordID gets the next record ID from etcd.

func (Storage) PutCACertificate

func (s Storage) PutCACertificate(ctx context.Context, name, pem string) error

PutCACertificate stores CA certificate into etcd.

func (Storage) PutCluster

func (s Storage) PutCluster(ctx context.Context, c *Cluster) error

PutCluster stores *Cluster into etcd.

func (Storage) PutClusterWithTemplateRevision

func (s Storage) PutClusterWithTemplateRevision(ctx context.Context, c *Cluster, rev int64, leaderKey string) error

PutClusterWithTemplateRevision stores *Cluster into etcd along with a revision number.

func (Storage) PutConstraints

func (s Storage) PutConstraints(ctx context.Context, c *Constraints) error

PutConstraints stores *Constraints into etcd.

func (Storage) PutServiceAccountData

func (s Storage) PutServiceAccountData(ctx context.Context, leaderKey, cert, key string) error

PutServiceAccountData stores x509 certificate and private key for service account.

func (Storage) PutVaultConfig

func (s Storage) PutVaultConfig(ctx context.Context, c *VaultConfig) error

PutVaultConfig stores *VaultConfig into etcd.

func (Storage) RegisterRecord

func (s Storage) RegisterRecord(ctx context.Context, leaderKey string, r *Record) error

RegisterRecord stores *Record if the leaderKey exists

func (Storage) SetSabakanQueryVariables

func (s Storage) SetSabakanQueryVariables(ctx context.Context, vars string) error

SetSabakanQueryVariables sets query variables for Sabakan. Caller must validate the contents.

func (Storage) SetSabakanTemplate

func (s Storage) SetSabakanTemplate(ctx context.Context, tmpl *Cluster) error

SetSabakanTemplate stores template cluster configuration. Caller must validate the template.

func (Storage) SetSabakanURL

func (s Storage) SetSabakanURL(ctx context.Context, url string) error

SetSabakanURL stores URL of sabakan API.

func (Storage) UpdateRecord

func (s Storage) UpdateRecord(ctx context.Context, leaderKey string, r *Record) error

UpdateRecord updates existing record

type VaultConfig

type VaultConfig struct {
	// Endpoint is the address of the Vault server.
	Endpoint string `json:"endpoint"`

	// CACert is x509 certificate in PEM format of the endpoint CA.
	CACert string `json:"ca-cert"`

	// RoleID is AppRole ID to login to Vault.
	RoleID string `json:"role-id"`

	// SecretID is AppRole secret to login to Vault.
	SecretID string `json:"secret-id"`
}

VaultConfig is data to store in etcd

func (*VaultConfig) Validate

func (c *VaultConfig) Validate() error

Validate validates the vault configuration

Directories

Path Synopsis
op
common
Package common provides generic commands shared by many Operators.
k8s
pkg
cke
tools
cli
