Documentation
Index
- Constants
- func ClusterRoleBindingName(managedSeedNamespace, serviceAccountName string) string
- func ComputeGardenletKubeconfigWithBootstrapToken(ctx context.Context, gardenClient client.Client, ...) ([]byte, error)
- func ComputeGardenletKubeconfigWithServiceAccountToken(ctx context.Context, gardenClient client.Client, ...) ([]byte, error)
- func CreateGardenletKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)
- func CreateGardenletKubeconfigWithToken(config *rest.Config, token string) ([]byte, error)
- func Description(kind, namespace, name string) string
- func DigestedName(publicKey any, subject *pkix.Name, usages []certificatesv1.KeyUsage) (string, error)
- func GetKubeconfigFromSecret(ctx context.Context, seedClient client.Client, key client.ObjectKey) ([]byte, error)
- func GetSeedName(seedConfig *config.SeedConfig) string
- func ManagedSeedInfoFromClusterRoleBindingName(clusterRoleBindingName string) (managedSeedNamespace, managedSeedName string)
- func MetadataFromDescription(description string) (kind, namespace, name string)
- func ServiceAccountName(name string) string
- func TokenID(meta metav1.ObjectMeta) string
- func UpdateGardenKubeconfigCAIfChanged(ctx context.Context, log logr.Logger, seedClient client.Client, ...) ([]byte, error)
- func UpdateGardenKubeconfigSecret(ctx context.Context, certClientConfig *rest.Config, ...) ([]byte, error)
Constants
const (
	// KindManagedSeed is a constant for the "managed seed" kind.
	KindManagedSeed = "seedmanagement.gardener.cloud/v1alpha1.ManagedSeed resource"
	// KindGardenlet is a constant for the "gardenlet" kind.
	KindGardenlet = "seedmanagement.gardener.cloud/v1alpha1.Gardenlet resource"
	// ServiceAccountNamePrefix is the prefix used for service account names.
	ServiceAccountNamePrefix = "gardenlet-bootstrap-"
	// ClusterRoleBindingNamePrefix is the prefix used for cluster role binding names.
	ClusterRoleBindingNamePrefix = GardenerSeedBootstrapper + ":"
	// GardenerSeedBootstrapper is a constant for the gardener seed bootstrapper name.
	GardenerSeedBootstrapper = "gardener.cloud:system:seed-bootstrapper"
)
Variables
This section is empty.
Functions
func ClusterRoleBindingName (added in v1.25.0)
ClusterRoleBindingName concatenates the gardener seed bootstrapper group with the given name, separated by a colon.
func ComputeGardenletKubeconfigWithBootstrapToken (added in v1.20.0)
func ComputeGardenletKubeconfigWithBootstrapToken(ctx context.Context, gardenClient client.Client, gardenClientRestConfig *rest.Config, tokenID, description string, validity time.Duration) ([]byte, error)
ComputeGardenletKubeconfigWithBootstrapToken creates a kubeconfig containing a valid bootstrap token as client credentials. It creates the required bootstrap token secret in the Garden cluster and puts it into a kubeconfig tailored to the Gardenlet.
func ComputeGardenletKubeconfigWithServiceAccountToken (added in v1.20.0)
func ComputeGardenletKubeconfigWithServiceAccountToken(ctx context.Context, gardenClient client.Client, coreV1Client corev1clientset.CoreV1Interface, gardenClientRestConfig *rest.Config, serviceAccountName, serviceAccountNamespace string) ([]byte, error)
ComputeGardenletKubeconfigWithServiceAccountToken creates a kubeconfig containing the token of a service account. It creates the required service account in the Garden cluster and puts the associated token into a kubeconfig tailored to the Gardenlet.
func CreateGardenletKubeconfigWithClientCertificate (added in v1.20.0)
func CreateGardenletKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)
CreateGardenletKubeconfigWithClientCertificate creates a kubeconfig for the Gardenlet with the given client certificate.
func CreateGardenletKubeconfigWithToken (added in v1.20.0)
CreateGardenletKubeconfigWithToken creates a kubeconfig for the Gardenlet with the given bootstrap token.
func Description (added in v1.25.0)
Description returns a description for a bootstrap token with the given kind/namespace/name information.
func DigestedName
func DigestedName(publicKey any, subject *pkix.Name, usages []certificatesv1.KeyUsage) (string, error)
DigestedName is a digest that should include all the relevant pieces of the CSR we care about. We can't directly hash the serialized CSR because of random padding that we regenerate every loop and we include usages which are not contained in the CSR. This needs to be kept up to date as we add new fields to the node certificates and with ensureCompatible.
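The reasoning above, as an added example that is not Gardener's own code: two CSRs signed with the same key and subject serialize differently, while a digest over only the public key, subject and usages stays stable and still changes when the usages change. The function `digestName`, the `csr-` prefix, the choice of SHA-512/256, the plain strings standing in for `certificatesv1.KeyUsage`, and the sample subject are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
)

// digestName (hypothetical) hashes only stable inputs: public key, subject, usages.
func digestName(pub any, subject pkix.Name, usages []string) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	h := sha512.New512_256()
	// Count- and length-prefix every list so adjacent fields cannot run together.
	for _, list := range [][]string{{string(der)}, {subject.CommonName}, subject.Organization, usages} {
		fmt.Fprintf(h, "%d:", len(list))
		for _, v := range list {
			fmt.Fprintf(h, "%d:%s", len(v), v)
		}
	}
	return "csr-" + base64.RawURLEncoding.EncodeToString(h.Sum(nil)), nil
}

// demo signs two CSRs with one key and compares serialized bytes against digests.
func demo() (csrsDiffer, sameName, usagesCount bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	subject := pkix.Name{CommonName: "example-seed", Organization: []string{"example-org"}} // constructed
	tmpl := &x509.CertificateRequest{Subject: subject}
	a, _ := x509.CreateCertificateRequest(rand.Reader, tmpl, key) // randomized ECDSA signature,
	b, _ := x509.CreateCertificateRequest(rand.Reader, tmpl, key) // so the bytes differ per call
	n1, _ := digestName(key.Public(), subject, []string{"digital signature", "client auth"})
	n2, _ := digestName(key.Public(), subject, []string{"digital signature", "client auth"})
	n3, _ := digestName(key.Public(), subject, []string{"digital signature", "server auth"})
	return !bytes.Equal(a, b), n1 == n2, n1 != n3, nil
}

func main() {
	fmt.Println(demo())
}
```

A name derived this way lets a client recognise a CSR it already submitted for the same key, subject and usages instead of creating a new object on every retry.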
func GetKubeconfigFromSecret
func GetKubeconfigFromSecret(ctx context.Context, seedClient client.Client, key client.ObjectKey) ([]byte, error)
GetKubeconfigFromSecret tries to retrieve the kubeconfig bytes using the given client. It returns the kubeconfig, or nil if it cannot be found.
func GetSeedName
func GetSeedName(seedConfig *config.SeedConfig) string
GetSeedName returns the seed name from the SeedConfig or the default Seed name.
func ManagedSeedInfoFromClusterRoleBindingName (added in v1.63.0)
func ManagedSeedInfoFromClusterRoleBindingName(clusterRoleBindingName string) (managedSeedNamespace, managedSeedName string)
ManagedSeedInfoFromClusterRoleBindingName returns the namespace and name of the related ManagedSeed for a given cluster role binding name.
func MetadataFromDescription (added in v1.25.0)
MetadataFromDescription returns the namespace and name for a given description with a specific kind.
func ServiceAccountName (added in v1.25.0)
ServiceAccountName returns the name of a `ServiceAccount` for bootstrapping based on the given metadata.
func TokenID (added in v1.25.0)
func TokenID(meta metav1.ObjectMeta) string
TokenID returns the token id based on the given metadata.
func UpdateGardenKubeconfigCAIfChanged (added in v1.45.0)
func UpdateGardenKubeconfigCAIfChanged(ctx context.Context, log logr.Logger, seedClient client.Client, kubeconfig []byte, gardenClientConnection *config.GardenClientConnection) ([]byte, error)
UpdateGardenKubeconfigCAIfChanged checks if the garden cluster CA given in the gardenClientConnection differs from the CA in the kubeconfig secret and updates the secret to contain the new CA if that's the case.
func UpdateGardenKubeconfigSecret
func UpdateGardenKubeconfigSecret(ctx context.Context, certClientConfig *rest.Config, certData, privateKeyData []byte, seedClient client.Client, kubeconfigKey client.ObjectKey) ([]byte, error)
UpdateGardenKubeconfigSecret updates the secret in the seed cluster that holds the kubeconfig of the Garden cluster.
Types
This section is empty.