Documentation
Overview
package state defines the structure of the Constellation state file.
Index
- Constants
- Variables
- func GetConfigurationDoc() *encoder.FileDoc
- type Azure
- type ClusterValues
- type ConstraintSet
- type GCP
- type Infrastructure
- type OpenStack
- type State
- func (s *State) Constraints() []*validation.Constraint
- func (_ State) Doc() *encoder.Doc
- func (s *State) Merge(other *State) (*State, error)
- func (s *State) SetClusterValues(clusterValues ClusterValues) *State
- func (s *State) SetInfrastructure(infrastructure Infrastructure) *State
- func (s *State) Validate(constraintSet ConstraintSet, variant variant.Variant) error
- func (s *State) WriteToFile(fileHandler file.Handler, path string) error
Constants
const (
	// Version1 is the first version of the state file.
	Version1 = "v1"
)
Variables
Functions
func GetConfigurationDoc
func GetConfigurationDoc() *encoder.FileDoc
GetConfigurationDoc returns documentation for the file ./state_doc.go.
Types
type Azure
type Azure struct {
	// description: |
	// Resource Group the cluster's resources are placed in.
	ResourceGroup string `yaml:"resourceGroup"`
	// description: |
	// ID of the Azure subscription the cluster is running in.
	SubscriptionID string `yaml:"subscriptionID"`
	// description: |
	// Security group name of the cluster's resource group.
	NetworkSecurityGroupName string `yaml:"networkSecurityGroupName"`
	// description: |
	// Name of the cluster's load balancer.
	LoadBalancerName string `yaml:"loadBalancerName"`
	// description: |
	// ID of the UAMI the cluster's nodes are running with.
	UserAssignedIdentity string `yaml:"userAssignedIdentity"`
	// description: |
	// MAA endpoint that can be used as a fallback for verifying the ID key digests
	// in the cluster's attestation report if the enforcement policy is set accordingly.
	// Can be left empty otherwise.
	AttestationURL string `yaml:"attestationURL"`
}
Azure describes the infra state related to Azure.
type ClusterValues
type ClusterValues struct {
	// description: |
	// Unique identifier of the cluster.
	ClusterID string `yaml:"clusterID"`
	// description: |
	// Unique identifier of the owner of the cluster.
	OwnerID string `yaml:"ownerID"`
	// description: |
	// Salt used to generate the ClusterID on the bootstrapping node.
	MeasurementSalt encoding.HexBytes `yaml:"measurementSalt"`
}
ClusterValues describes the (Kubernetes) cluster state, set during initialization of the cluster.
func (ClusterValues) Doc
func (_ ClusterValues) Doc() *encoder.Doc
type ConstraintSet
type ConstraintSet int
ConstraintSet defines which constraints the state file should be validated against.
const (
	// PreCreate are the constraints that should be enforced when the state file
	// is validated before cloud infrastructure is created.
	PreCreate ConstraintSet = iota
	// PreInit are the constraints that should be enforced when the state file
	// is validated before the first Constellation node is initialized.
	PreInit
	// PostInit are the constraints that should be enforced when the state file
	// is validated after the cluster was initialized.
	PostInit
)
type GCP
type GCP struct {
	// description: |
	// Project ID of the GCP project the cluster is running in.
	ProjectID string `yaml:"projectID"`
	// description: |
	// CIDR range of the cluster's pods.
	IPCidrPod string `yaml:"ipCidrPod"`
}
GCP describes the infra state related to GCP.
type Infrastructure
type Infrastructure struct {
	// description: |
	// Unique identifier the cluster's cloud resources are tagged with.
	UID string `yaml:"uid"`
	// description: |
	// Endpoint the cluster can be reached at. This is the endpoint that is being used by the CLI.
	ClusterEndpoint string `yaml:"clusterEndpoint"`
	// description: |
	// Endpoint the cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g.,
	// an internal load balancer is used.
	InClusterEndpoint string `yaml:"inClusterEndpoint"`
	// description: |
	// Secret used to authenticate the bootstrapping node.
	InitSecret encoding.HexBytes `yaml:"initSecret"`
	// description: |
	// List of Subject Alternative Names (SANs) to add to the Kubernetes API server certificate.
	// If no SANs should be added, this field can be left empty.
	APIServerCertSANs []string `yaml:"apiServerCertSANs"`
	// description: |
	// Name used in the cluster's named resources.
	Name string `yaml:"name"`
	// description: |
	// CIDR range of the cluster's nodes.
	IPCidrNode string `yaml:"ipCidrNode"`
	// description: |
	// Values specific to a Constellation cluster running on Azure.
	Azure *Azure `yaml:"azure,omitempty"`
	// description: |
	// Values specific to a Constellation cluster running on GCP.
	GCP *GCP `yaml:"gcp,omitempty"`
	// description: |
	// Values specific to a Constellation cluster running on OpenStack.
	OpenStack *OpenStack `yaml:"openstack,omitempty"`
}
Infrastructure describes the state related to the cloud resources of the cluster.
func (Infrastructure) Doc
func (_ Infrastructure) Doc() *encoder.Doc
type OpenStack (added in v2.16.0)
type OpenStack struct {
	// description: |
	// ID of the network
	NetworkID string `yaml:"networkID"`
	// description: |
	// ID of the subnet
	SubnetID string `yaml:"subnetID"`
}
OpenStack describes the infra state related to OpenStack.
type State
type State struct {
	// description: |
	// Schema version of this state file.
	Version string `yaml:"version"`
	// description: |
	// State of the cluster's cloud resources. These values are retrieved during
	// cluster creation. In the case of self-managed infrastructure, the marked
	// fields in this struct should be filled by the user as per
	// https://docs.edgeless.systems/constellation/workflows/create.
	Infrastructure Infrastructure `yaml:"infrastructure"`
	// description: |
	// DO NOT EDIT. State of the Constellation Kubernetes cluster.
	// These values are set during cluster initialization and should not be changed.
	ClusterValues ClusterValues `yaml:"clusterValues"`
}
State describes the entire state of a Constellation cluster.
func CreateOrRead
CreateOrRead reads the state file at the given path, if it exists, and returns the state. If the file does not exist, a new state is created and written to disk.
func ReadFromFile
ReadFromFile reads the state file at the given path and validates it. If the state file is valid, the state is returned. Otherwise, an error describing why the validation failed is returned.
func (*State) Constraints
func (s *State) Constraints() []*validation.Constraint
Constraints is a no-op implementation to fulfill the "Validatable" interface.
func (*State) Merge
func (s *State) Merge(other *State) (*State, error)
Merge merges the state information from other into the current state. If a field is set in both states, the value of the other state is used.
func (*State) SetClusterValues
func (s *State) SetClusterValues(clusterValues ClusterValues) *State
SetClusterValues sets the cluster values.
func (*State) SetInfrastructure
func (s *State) SetInfrastructure(infrastructure Infrastructure) *State
SetInfrastructure sets the infrastructure state.
func (*State) Validate
func (s *State) Validate(constraintSet ConstraintSet, variant variant.Variant) error
Validate validates the state against the given constraint set for the given CSP variant. The constraint set can be one of:
- PreCreate, which is the constraint set that should be enforced before "constellation create" is run.
- PreInit, which is the constraint set that should be enforced before "constellation apply" is run.
- PostInit, which is the constraint set that should be enforced after "constellation apply" is run.
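The Merge rule and the three constraint sets described above, as an added, self-contained Go example (standard library only; not the Constellation state package's own code). State is trimmed to four of the page's fields, and the per-phase expectations in phase, like the helper pick, are this example's assumptions, since the page does not list the real constraints.

```go
package main

import "fmt"
// Trimmed mirror of the page's State with only the fields this example needs.
type State struct {
	Version    string
	UID        string // Infrastructure.UID
	InitSecret []byte // Infrastructure.InitSecret (hex bytes in the file)
	ClusterID  string // ClusterValues.ClusterID (DO NOT EDIT after init)
}

type ConstraintSet int
const (
	PreCreate ConstraintSet = iota // before "constellation create"
	PreInit                        // before "constellation apply"
	PostInit                       // after "constellation apply"
)

// phase: per constraint set, must {infrastructure, clusterValues} be populated? (assumption of this example)
var phase = map[ConstraintSet][2]bool{PreCreate: {false, false}, PreInit: {true, false}, PostInit: {true, true}}

// pick applies the page's Merge rule: a field set in other wins over cur.
func pick[T ~string | ~[]byte](cur, other T) T {
	if len(other) > 0 {
		return other
	}
	return cur
}

// Merge overlays every field set in o onto s and returns the result.
func (s State) Merge(o State) State {
	return State{pick(s.Version, o.Version), pick(s.UID, o.UID),
		pick(s.InitSecret, o.InitSecret), pick(s.ClusterID, o.ClusterID)}
}

// Validate checks the schema version, then the phase expectations for cs.
func (s State) Validate(cs ConstraintSet) error {
	if s.Version != "v1" {
		return fmt.Errorf("unsupported state version %q", s.Version)
	}
	want, ok := phase[cs]
	if !ok {
		return fmt.Errorf("unknown constraint set %d", cs)
	}
	infra, cluster := s.UID != "" && len(s.InitSecret) > 0, s.ClusterID != ""
	if infra != want[0] || cluster != want[1] {
		return fmt.Errorf("constraint set %d: infrastructure set=%t (want %t), clusterValues set=%t (want %t)", cs, infra, want[0], cluster, want[1])
	}
	return nil
}
```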