
Overview

The docgen binary that produces this package's documentation descriptors can be built from the siderolabs/talos project. Located at: https://github.com/siderolabs/talos/tree/master/hack/docgen


Constants

// Default OS image references for Azure and GCP.
// NOTE(review): both are empty in this version. Presumably Default() uses them
// for provider.azure.image / provider.gcp.image, in which case a default config
// cannot pass the `required` validation on those fields until an image is set
// explicitly — confirm against Default().
const (
	DefaultImageAzure = ""
	DefaultImageGCP   = ""
)
// Version1 is the configuration schema version understood by this package.
// Config.Version is validated to equal this value (validate:"eq=v1"), so the
// constant and that tag have to be kept in sync.
const (
	Version1 = "v1"
)

Variables

// Documentation descriptors, one per configuration type, generated by the
// docgen tool (see GetConfigurationDoc). Presumably each type's Doc() method
// returns the matching descriptor; confirm in config_doc.go.
var (
	ConfigDoc         encoder.Doc
	UpgradeConfigDoc  encoder.Doc
	UserKeyDoc        encoder.Doc
	ProviderConfigDoc encoder.Doc
	AWSConfigDoc      encoder.Doc
	AzureConfigDoc    encoder.Doc
	GCPConfigDoc      encoder.Doc
	QEMUConfigDoc     encoder.Doc
)

Functions

func GetConfigurationDoc

func GetConfigurationDoc() *encoder.FileDoc

GetConfigurationDoc returns documentation for the file ./config_doc.go.

Types

type AWSConfig added in v2.2.0

type AWSConfig struct {
	// description: |
	//   AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   AWS data center zone name in the defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   AMI ID of the machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes. Needs to support NitroTPM, which provides the measurements checked during attestation. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html
	InstanceType string `yaml:"instanceType" validate:"lowercase,aws_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=standard gp2 gp3 st1 sc1 io1"`
	// description: |
	//   Name of the IAM profile to use for the control plane nodes. Prefer a dedicated profile that carries only the permissions the control plane needs.
	IAMProfileControlPlane string `yaml:"iamProfileControlPlane" validate:"required"`
	// description: |
	//   Name of the IAM profile to use for the worker nodes. Keep it separate from the control plane profile so workers do not inherit control plane permissions.
	IAMProfileWorkerNodes string `yaml:"iamProfileWorkerNodes" validate:"required"`
	// description: |
	//   Expected VM measurements, keyed by measurement index, that nodes have to report during attestation.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   Indices from 'measurements' whose reported values must match exactly. A mismatch on any index not in this list only results in a warning, so an empty list makes every mismatch non-fatal.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}

AWSConfig are AWS specific configuration values used by the CLI.

func (AWSConfig) Doc added in v2.2.0

func (_ AWSConfig) Doc() *encoder.Doc

type AzureConfig

type AzureConfig struct {
	// description: |
	//   Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
	SubscriptionID string `yaml:"subscription" validate:"uuid"`
	// description: |
	//   Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
	TenantID string `yaml:"tenant" validate:"uuid"`
	// description: |
	//   Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
	Location string `yaml:"location" validate:"required"`
	// description: |
	//   Resource group for the cluster's resources. Must already exist.
	ResourceGroup string `yaml:"resourceGroup" validate:"required"`
	// description: |
	//   User-assigned identity that authorizes the spawned VMs to access the Azure API. Grant it only the permissions the nodes need.
	UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
	// description: |
	//   Application client ID of the Active Directory app registration.
	AppClientID string `yaml:"appClientID" validate:"uuid"`
	// description: |
	//   Client secret value of the Active Directory app registration credentials. This is a credential stored in plain text in the configuration file: restrict the file's permissions, keep it out of version control, and rotate the secret if the file is exposed.
	ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
	// description: |
	//   Machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
	// description: |
	//   Expected confidential VM measurements, keyed by measurement index, that nodes have to report during attestation.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   Indices from 'measurements' whose reported values must match exactly. A mismatch on any index not in this list only results in a warning, so an empty list makes every mismatch non-fatal.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
	// description: |
	//   Expected value for the field 'idkeydigest' in the AMD SEV-SNP attestation report, given as 96 hexadecimal characters (48 bytes). Only usable with ConfidentialVMs. See 4.6 and 7.3 in: https://www.amd.com/system/files/TechDocs/56860.pdf
	IDKeyDigest string `yaml:"idKeyDigest" validate:"required_if=EnforceIdKeyDigest true,omitempty,hexadecimal,len=96"` // NOTE(review): required_if names EnforceIdKeyDigest, but the Go field below is EnforceIDKeyDigest; go-playground/validator resolves that target by Go field name, so confirm the "required when enforced" rule actually fires.
	// description: |
	//   Enforce the specified idKeyDigest value during remote attestation. When false, the configured idKeyDigest is not enforced; set this to true for production clusters.
	EnforceIDKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
	// description: |
	//   Use Confidential VMs. If set to false, Trusted Launch VMs are used instead and the SEV-SNP specific settings idKeyDigest and enforceIdKeyDigest do not apply. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
	// description: |
	//   Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.
	SecureBoot *bool `yaml:"secureBoot" validate:"required"`
}

AzureConfig are Azure specific configuration values used by the CLI.

func (AzureConfig) Doc

func (_ AzureConfig) Doc() *encoder.Doc

type Config

type Config struct {
	// description: |
	//   Schema version of this configuration file. Must be "v1".
	Version string `yaml:"version" validate:"eq=v1"`
	// description: |
	//   Size (in GB) of a node's disk to store the non-volatile state.
	StateDiskSizeGB int `yaml:"stateDiskSizeGB" validate:"min=0"`
	// description: |
	//   Kubernetes version to be installed in the cluster. Validated against the versions this CLI release supports.
	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
	// description: |
	//   DON'T USE IN PRODUCTION: enable debug mode and use debug images. Debug images carry additional debugging services (debugd) and must not be used for clusters that hold real data. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
	DebugCluster *bool `yaml:"debugCluster" validate:"required"`
	// description: |
	//   Supported cloud providers and their specific configurations. Configuring more than one provider is not supported.
	Provider ProviderConfig `yaml:"provider" validate:"dive"`
	// description: |
	//   Create SSH users on Constellation nodes. Each entry adds an account reachable with the given public key; keep this list minimal and omit it if no interactive access is needed.
	// examples:
	//   - value: '[]UserKey{ { Username:  "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com" } }'
	SSHUsers []UserKey `yaml:"sshUsers,omitempty" validate:"dive"`
	// description: |
	//   Configuration to apply during constellation upgrade.
	// examples:
	//   - value: 'UpgradeConfig{ Image: "", Measurements: Measurements{} }'
	Upgrade UpgradeConfig `yaml:"upgrade,omitempty"`
}

Config defines configuration used by CLI.

func Default

func Default() *Config

Default returns a struct with the default config.

func FromFile

func FromFile(fileHandler file.Handler, name string) (*Config, error)

FromFile returns config file with `name` read from `fileHandler` by parsing it as YAML.

func (Config) Doc

func (_ Config) Doc() *encoder.Doc

func (*Config) EnforcesIDKeyDigest

func (c *Config) EnforcesIDKeyDigest() bool

func (*Config) GetProvider

func (c *Config) GetProvider() cloudprovider.Provider

GetProvider returns the configured cloud provider.

func (*Config) HasProvider

func (c *Config) HasProvider(provider cloudprovider.Provider) bool

HasProvider checks whether the config contains the provider.

func (*Config) Image

func (c *Config) Image() string

Image returns OS image for the configured cloud provider. If multiple cloud providers are configured (which is not supported) only a single image is returned.

func (*Config) IsAzureNonCVM

func (c *Config) IsAzureNonCVM() bool

IsAzureNonCVM checks whether the chosen provider is azure and confidential VMs are disabled.

func (*Config) IsDebugCluster

func (c *Config) IsDebugCluster() bool

IsDebugCluster checks whether the cluster is configured as a debug cluster.

func (*Config) IsDebugImage

func (c *Config) IsDebugImage() bool

IsDebugImage checks whether the image name looks like a release image; if not, it is probably a debug image. The check is purely name-based: it cannot tell whether bootstrapper or debugd was actually put inside an image.

func (*Config) RemoveProviderExcept

func (c *Config) RemoveProviderExcept(provider cloudprovider.Provider)

RemoveProviderExcept removes all provider-specific configurations, i.e., sets them to nil, except the one specified. If an unknown provider is passed, the configuration is left unchanged.

func (*Config) UpdateMeasurements

func (c *Config) UpdateMeasurements(newMeasurements Measurements)

func (*Config) Validate

func (c *Config) Validate() ([]string, error)

Validate checks the config values and returns one human-readable message per violated constraint. The error return is non-nil only if the validation itself could not be carried out; an empty message list together with a nil error means the config passed validation.

type GCPConfig

type GCPConfig struct {
	// description: |
	//   GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en
	Project string `yaml:"project" validate:"required"`
	// description: |
	//   GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   Path of service account key file. The key file is a long-lived credential: keep it readable only by the user running the CLI and never commit it. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
	// description: |
	//   Machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"gcp_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
	// description: |
	//   Expected confidential VM measurements, keyed by measurement index, that nodes have to report during attestation.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   Indices from 'measurements' whose reported values must match exactly. A mismatch on any index not in this list only results in a warning, so an empty list makes every mismatch non-fatal.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}

GCPConfig are GCP specific configuration values used by the CLI.

func (GCPConfig) Doc

func (_ GCPConfig) Doc() *encoder.Doc

type Measurements

// Measurements maps a measurement index to the expected digest at that index.
// Values are raw digest bytes; in YAML they are written and read as base64
// strings (see MarshalYAML / UnmarshalYAML). Which indices are fatal on
// mismatch is decided by the provider's enforcedMeasurements list, not here.
type Measurements map[uint32][]byte

func (Measurements) CopyFrom

func (m Measurements) CopyFrom(other Measurements)

CopyFrom copies all values from other into m, overwriting entries that already exist and leaving keys that are absent from other untouched.

func (*Measurements) FetchAndVerify

func (m *Measurements) FetchAndVerify(ctx context.Context, client *http.Client, measurementsURL *url.URL, signatureURL *url.URL, publicKey []byte) (string, error)

FetchAndVerify fetches the measurements file and its signature file from the given URLs, using client for the downloads. The downloaded signature is verified against publicKey to authenticate the measurements. The hash of the fetched measurements is returned.

func (Measurements) MarshalYAML

func (m Measurements) MarshalYAML() (any, error)

MarshalYAML overrides the default encoding so that each []byte value is written as a single base64-encoded string instead of a YAML sequence of individual bytes.

func (*Measurements) UnmarshalYAML

func (m *Measurements) UnmarshalYAML(unmarshal func(any) error) error

UnmarshalYAML overrides the default decoding so that each []byte value is read from a single base64-encoded string instead of a YAML sequence of individual bytes.

type ProviderConfig

type ProviderConfig struct {
	// description: |
	//   Configuration for AWS as provider. Only one provider may be set.
	AWS *AWSConfig `yaml:"aws,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for Azure as provider. Only one provider may be set.
	Azure *AzureConfig `yaml:"azure,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for Google Cloud as provider. Only one provider may be set.
	GCP *GCPConfig `yaml:"gcp,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for QEMU as provider. Only one provider may be set.
	QEMU *QEMUConfig `yaml:"qemu,omitempty" validate:"omitempty,dive"`
}

ProviderConfig are cloud-provider specific configuration values used by the CLI. Fields should remain pointer types so that the provider sections not in use can be set to nil (see RemoveProviderExcept).

func (ProviderConfig) Doc

func (_ ProviderConfig) Doc() *encoder.Doc

type QEMUConfig

// QEMUConfig are QEMU specific configuration values used by the CLI.
type QEMUConfig struct {
	// description: |
	//   Path to the image to use for the VMs.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   Format of the image to use for the VMs. Should be either qcow2 or raw.
	ImageFormat string `yaml:"imageFormat" validate:"oneof=qcow2 raw"`
	// description: |
	//   vCPU count for the VMs.
	VCPUs int `yaml:"vcpus" validate:"required"`
	// description: |
	//   Amount of memory per instance (MiB).
	Memory int `yaml:"memory" validate:"required"`
	// description: |
	//   Container image to use for the QEMU metadata server.
	MetadataAPIImage string `yaml:"metadataAPIServer" validate:"required"`
	// description: |
	//   Libvirt connection URI. Leave empty to start a libvirt instance in Docker.
	LibvirtURI string `yaml:"libvirtSocket"`
	// description: |
	//   Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = ""`.
	LibvirtContainerImage string `yaml:"libvirtContainerImage"`
	// description: |
	//   NVRAM template to be used for secure boot. Can be the sentinel value "production", "testing", or a path to a custom NVRAM template.
	NVRAM string `yaml:"nvram" validate:"required"`
	// description: |
	//   Path to the OVMF firmware. Leave empty for auto selection.
	Firmware string `yaml:"firmware"`
	// description: |
	//   Expected VM measurements, keyed by measurement index, used for measured boot.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   Indices from 'measurements' whose reported values must match exactly. A mismatch on any index not in this list only results in a warning, so an empty list makes every mismatch non-fatal.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}

func (QEMUConfig) Doc

func (_ QEMUConfig) Doc() *encoder.Doc

type UpgradeConfig

type UpgradeConfig struct {
	// description: |
	//   Updated machine image to install on all nodes.
	Image string `yaml:"image"`
	// description: |
	//   Expected measurements of the updated image, keyed by measurement index.
	Measurements Measurements `yaml:"measurements"`
}

UpgradeConfig defines configuration used during constellation upgrade.

func (UpgradeConfig) Doc

func (_ UpgradeConfig) Doc() *encoder.Doc

type UserKey

type UserKey struct {
	// description: |
	//   Username of the new SSH user.
	Username string `yaml:"username" validate:"required"`
	// description: |
	//   Public key of the new SSH user, in authorized_keys form (e.g. "ssh-rsa AAAA... alice@domain.com"). Never put a private key here.
	PublicKey string `yaml:"publicKey" validate:"required"`
}

UserKey describes a user that should be created with corresponding public SSH key.

func (UserKey) Doc

func (_ UserKey) Doc() *encoder.Doc
