config

package
v2.1.0 Latest Latest
Published: Oct 7, 2022 License: AGPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

The generated documentation in this package (the `*Doc` variables and the `Doc()` methods) is produced by the docgen binary, which can be built from the siderolabs/talos project. Located at: https://github.com/siderolabs/talos/tree/master/hack/docgen

Index

Constants

// Default machine images for the cloud providers (presumably consumed by
// Default(); its body is not shown here). Both are empty in this release, and
// the provider Image fields carry validate:"required", so a config that keeps
// these values unchanged would not satisfy that constraint — the caller must
// supply an image explicitly.
const (
	DefaultImageAzure = ""
	DefaultImageGCP   = ""
)
// Version1 is the only schema version accepted by Config.Version
// (validate:"eq=v1"); bump it together with that tag when the schema changes.
const (
	Version1 = "v1"
)

Variables

// Generated documentation descriptors, one per type on this page that exposes a
// Doc() method (Config, UpgradeConfig, UserKey, ProviderConfig, AzureConfig,
// GCPConfig, QEMUConfig). They are presumably populated by the docgen tool and
// aggregated by GetConfigurationDoc — not hand-edited.
var (
	ConfigDoc         encoder.Doc
	UpgradeConfigDoc  encoder.Doc
	UserKeyDoc        encoder.Doc
	ProviderConfigDoc encoder.Doc
	AzureConfigDoc    encoder.Doc
	GCPConfigDoc      encoder.Doc
	QEMUConfigDoc     encoder.Doc
)

Functions

func GetConfigurationDoc

func GetConfigurationDoc() *encoder.FileDoc

GetConfigurationDoc returns documentation for the file ./config_doc.go.

Types

type AzureConfig

// AzureConfig are Azure specific configuration values used by the CLI.
//
// Attestation strength is governed by enforcedMeasurements, enforceIdKeyDigest
// and confidentialVM; clientSecretValue is a plaintext credential. Read those
// field descriptions before relaxing any of them.
type AzureConfig struct {
	// description: |
	//   Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
	SubscriptionID string `yaml:"subscription" validate:"uuid"`
	// description: |
	//   Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
	TenantID string `yaml:"tenant" validate:"uuid"`
	// description: |
	//   Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
	Location string `yaml:"location" validate:"required"`
	// description: |
	//   Resource group for the cluster's resources. Must already exist.
	ResourceGroup string `yaml:"resourceGroup" validate:"required"`
	// description: |
	//   User-assigned identity that authorizes the spawned VMs to access the Azure API. Grant it only the roles the nodes actually need.
	UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
	// description: |
	//   Application client ID of the Active Directory app registration.
	AppClientID string `yaml:"appClientID" validate:"uuid"`
	// description: |
	//   Client secret value of the Active Directory app registration credentials.
	//   This is a plaintext credential stored in the config file: restrict the file's permissions, keep it out of version control, and rotate the secret if the file is ever exposed.
	ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
	// description: |
	//   Machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
	// description: |
	//   Expected confidential VM measurements, keyed by the same index that enforcedMeasurements refers to. Each value is written in YAML as a single base64-encoded string.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	//   Attestation is only as strict as this list: an index that is present in measurements but missing here does not block a mismatching node.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
	// description: |
	//   Expected value for the field 'idkeydigest' in the AMD SEV-SNP attestation report, given as 96 hex characters (48 bytes). Only usable with ConfidentialVMs. See 4.6 and 7.3 in: https://www.amd.com/system/files/TechDocs/56860.pdf
	IDKeyDigest string `yaml:"idKeyDigest" validate:"required_if=EnforceIdKeyDigest true,omitempty,hexadecimal,len=96"` // NOTE(review): required_if names EnforceIdKeyDigest, but the Go field is EnforceIDKeyDigest; if the validator resolves cross-field references by Go field name, this condition never fires and an empty digest passes with enforcement switched on — verify.
	// description: |
	//   Enforce the specified idKeyDigest value during remote attestation. When false, a mismatching idKeyDigest is not treated as a hard attestation failure, so the reported value is effectively not pinned.
	EnforceIDKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
	// description: |
	//   Use Confidential VMs. If set to false, Trusted Launch VMs are used instead and idKeyDigest cannot be used. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
}

AzureConfig are Azure specific configuration values used by the CLI.

func (AzureConfig) Doc

func (_ AzureConfig) Doc() *encoder.Doc

type Config

// Config defines configuration used by CLI.
//
// Config is parsed from YAML (see FromFile) and provider sections may carry
// secrets directly (AzureConfig.ClientSecretValue), so the config file itself
// must be handled as sensitive material.
type Config struct {
	// description: |
	//   Schema version of this configuration file. Must be "v1" (see Version1).
	Version string `yaml:"version" validate:"eq=v1"`
	// description: |
	//   Size (in GB) of a node's disk to store the non-volatile state.
	StateDiskSizeGB int `yaml:"stateDiskSizeGB" validate:"min=0"`
	// description: |
	//   Kubernetes version to be installed in the cluster.
	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
	// description: |
	//   DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
	//   A debug cluster must never hold production data or credentials; see IsDebugCluster and IsDebugImage.
	DebugCluster *bool `yaml:"debugCluster" validate:"required"`
	// description: |
	//   Supported cloud providers and their specific configurations. Exactly one provider is expected; configuring several is not supported (see Image and RemoveProviderExcept).
	Provider ProviderConfig `yaml:"provider" validate:"dive"`
	// description: |
	//   Create SSH users on Constellation nodes. Each entry adds an interactive login path to the nodes, so keep this list empty unless node access is intended. The public keys are only validated for presence here, not parsed (see UserKey).
	// examples:
	//   - value: '[]UserKey{ { Username:  "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com" } }'
	SSHUsers []UserKey `yaml:"sshUsers,omitempty" validate:"dive"`
	// description: |
	//   Configuration to apply during constellation upgrade.
	// examples:
	//   - value: 'UpgradeConfig{ Image: "", Measurements: Measurements{} }'
	Upgrade UpgradeConfig `yaml:"upgrade,omitempty"`
}

Config defines configuration used by CLI.

func Default

func Default() *Config

Default returns a struct with the default config.

func FromFile

func FromFile(fileHandler file.Handler, name string) (*Config, error)

FromFile reads the file `name` through `fileHandler` and parses it as YAML into a Config. Parsing is not validation — run Validate on the result before relying on it.

func (Config) Doc

func (_ Config) Doc() *encoder.Doc

func (*Config) EnforcesIDKeyDigest

// EnforcesIDKeyDigest reports whether ID key digest enforcement is switched on
// for the configured provider. Presumably derived from
// AzureConfig.EnforceIDKeyDigest, the only field on this page that carries
// that setting — confirm against the implementation.
func (c *Config) EnforcesIDKeyDigest() bool

func (*Config) GetProvider

func (c *Config) GetProvider() cloudprovider.Provider

GetProvider returns the configured cloud provider.

func (*Config) HasProvider

func (c *Config) HasProvider(provider cloudprovider.Provider) bool

HasProvider checks whether the config contains the provider.

func (*Config) Image

func (c *Config) Image() string

Image returns the OS image for the configured cloud provider. If multiple cloud providers are configured (which is not supported), only a single image is returned; which one wins is not specified here.

func (*Config) IsAzureNonCVM

func (c *Config) IsAzureNonCVM() bool

IsAzureNonCVM checks whether the chosen provider is azure and confidential VMs are disabled.

func (*Config) IsDebugCluster

func (c *Config) IsDebugCluster() bool

IsDebugCluster checks whether the cluster is configured as a debug cluster.

func (*Config) IsDebugImage

func (c *Config) IsDebugImage() bool

IsDebugImage checks whether the image name looks like a release image; if not, it is probably a debug image. This is a naming heuristic only: the name alone cannot tell whether the bootstrapper or debugd was actually built into the image, so do not treat it as a security control.

func (*Config) RemoveProviderExcept

func (c *Config) RemoveProviderExcept(provider cloudprovider.Provider)

RemoveProviderExcept removes all provider specific configurations, i.e., sets them to nil, except the one specified. If an unknown provider is passed, the configuration is left unchanged.

func (*Config) UpdateMeasurements

// UpdateMeasurements updates the measurements of the configured provider with
// newMeasurements. Whether the existing map is replaced wholesale or merged
// entry by entry (as Measurements.CopyFrom does) is not visible here — confirm
// before relying on stale entries being dropped.
func (c *Config) UpdateMeasurements(newMeasurements Measurements)

func (*Config) Validate

func (c *Config) Validate() ([]string, error)

Validate checks the config values and returns the list of validation messages, one per violated constraint. The error return is non-nil only when the validator itself fails to run, so callers must check both: a nil error with a non-empty message list means the config is invalid.

type GCPConfig

// GCPConfig are GCP specific configuration values used by the CLI.
type GCPConfig struct {
	// description: |
	//   GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en
	Project string `yaml:"project" validate:"required"`
	// description: |
	//   GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
	//   Only the path is stored in the config; the file it points to is a long-lived credential, so restrict its permissions and keep it out of version control.
	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
	// description: |
	//   Machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"gcp_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
	// description: |
	//   Expected confidential VM measurements, keyed by the same index that enforcedMeasurements refers to. Each value is written in YAML as a single base64-encoded string.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	//   Attestation is only as strict as this list: an index that is present in measurements but missing here does not block a mismatching node.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}

GCPConfig are GCP specific configuration values used by the CLI.

func (GCPConfig) Doc

func (_ GCPConfig) Doc() *encoder.Doc

type Measurements

// Measurements maps a measurement index (the same uint32 index space the
// provider configs' enforcedMeasurements lists refer to) to the expected digest
// bytes. In YAML each value is a single base64 string (see MarshalYAML and
// UnmarshalYAML). Being a map, a nil Measurements cannot be written to — a
// caller that uses CopyFrom on a zero value presumably initialises it first;
// confirm.
type Measurements map[uint32][]byte

func (Measurements) CopyFrom

func (m Measurements) CopyFrom(other Measurements)

CopyFrom copies all entries from other into m, overwriting entries that already exist and leaving entries not present in other untouched.

func (*Measurements) FetchAndVerify

func (m *Measurements) FetchAndVerify(ctx context.Context, client *http.Client, measurementsURL *url.URL, signatureURL *url.URL, publicKey []byte) error

FetchAndVerify fetches the measurement and signature files from the provided URLs, using client for the download, and verifies the signature over the measurements against publicKey before accepting them. Trust in the downloaded measurements therefore rests on publicKey, not on the transport; whether m is left unchanged when verification fails is not shown here — confirm.

func (Measurements) MarshalYAML

func (m Measurements) MarshalYAML() (interface{}, error)

MarshalYAML overrides the default YAML encoding so that each []byte value is written as a single base64-encoded string instead of a list of individual bytes.

func (*Measurements) UnmarshalYAML

func (m *Measurements) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML overrides the default YAML decoding so that each value is read as a single base64-encoded string instead of a list of individual bytes.

type ProviderConfig

// ProviderConfig are cloud-provider specific configuration values used by the
// CLI. Fields should remain pointer-types so custom specific configs can nil
// them if not required (RemoveProviderExcept does exactly that). Only one
// provider is expected to be non-nil; see Config.Image for the behaviour when
// several are set.
type ProviderConfig struct {
	// description: |
	//   Configuration for Azure as provider.
	Azure *AzureConfig `yaml:"azure,omitempty" validate:"omitempty,dive"` // nil when another provider is selected
	// description: |
	//   Configuration for Google Cloud as provider.
	GCP *GCPConfig `yaml:"gcp,omitempty" validate:"omitempty,dive"` // nil when another provider is selected
	// description: |
	//   Configuration for QEMU as provider.
	QEMU *QEMUConfig `yaml:"qemu,omitempty" validate:"omitempty,dive"` // nil when another provider is selected
}

ProviderConfig are cloud-provider specific configuration values used by the CLI. Fields should remain pointer types so that RemoveProviderExcept can set the unused providers to nil.

func (ProviderConfig) Doc

func (_ ProviderConfig) Doc() *encoder.Doc

type QEMUConfig

// QEMUConfig are QEMU/libvirt specific configuration values used by the CLI.
//
// NOTE(review): unlike AzureConfig there is no confidential-VM or ID-key
// setting here; treat this backend as a development target unless its
// attestation path is confirmed elsewhere.
type QEMUConfig struct {
	// description: |
	//   Path to the image to use for the VMs.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   Format of the image to use for the VMs. Should be either qcow2 or raw.
	ImageFormat string `yaml:"imageFormat" validate:"oneof=qcow2 raw"`
	// description: |
	//   vCPU count for the VMs.
	VCPUs int `yaml:"vcpus" validate:"required"`
	// description: |
	//   Amount of memory per instance (MiB).
	Memory int `yaml:"memory" validate:"required"`
	// description: |
	//   Container image to use for the QEMU metadata server.
	MetadataAPIImage string `yaml:"metadataAPIServer" validate:"required"` // YAML key is metadataAPIServer, not metadataAPIImage
	// description: |
	//   Libvirt connection URI. Leave empty to start a libvirt instance in Docker.
	LibvirtURI string `yaml:"libvirtSocket"` // YAML key is libvirtSocket, not libvirtURI
	// description: |
	//   Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = ""`.
	LibvirtContainerImage string `yaml:"libvirtContainerImage"`
	// description: |
	//   Expected measurements used for measured boot, keyed by the same index that enforcedMeasurements refers to.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	//   Attestation is only as strict as this list: an index that is present in measurements but missing here does not block a mismatching node.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}

func (QEMUConfig) Doc

func (_ QEMUConfig) Doc() *encoder.Doc

type UpgradeConfig

// UpgradeConfig defines configuration used during constellation upgrade.
type UpgradeConfig struct {
	// description: |
	//   Updated machine image to install on all nodes.
	Image string `yaml:"image"`
	// description: |
	//   Measurements of the updated image. Which enforcedMeasurements list applies to them during upgrade is not defined here — presumably the configured provider's; confirm.
	Measurements Measurements `yaml:"measurements"`
}

UpgradeConfig defines configuration used during constellation upgrade.

func (UpgradeConfig) Doc

func (_ UpgradeConfig) Doc() *encoder.Doc

type UserKey

// UserKey describes a user that should be created with corresponding public
// SSH key. Both fields are only validated for presence: the key is not parsed
// as an SSH public key at this layer.
type UserKey struct {
	// description: |
	//   Username of new SSH user.
	Username string `yaml:"username" validate:"required"`
	// description: |
	//   Public key of new SSH user, in authorized_keys format (see the sshUsers example). Only checked to be non-empty here.
	PublicKey string `yaml:"publicKey" validate:"required"`
}

UserKey describes a user that should be created with corresponding public SSH key.

func (UserKey) Doc

func (_ UserKey) Doc() *encoder.Doc
