Documentation ¶
Index ¶
- Constants
- func BuildBootstrapperName(name string) string
- func DigestedName(publicKey interface{}, subject *pkix.Name, usages []certificatesv1.KeyUsage) (string, error)
- func GetKubeconfigFromSecret(ctx context.Context, seedClient client.Client, namespace, name string) ([]byte, error)
- func GetSeedName(seedConfig *config.SeedConfig) string
- func GetTargetClusterName(config *config.SeedClientConnection) string
- func MarshalKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)
- func MarshalKubeconfigWithToken(config *rest.Config, token string) ([]byte, error)
- func UpdateGardenKubeconfigSecret(ctx context.Context, certClientConfig *rest.Config, ...) ([]byte, error)
Constants ¶
const ( // DedicatedSeedKubeconfig is a constant for the target cluster name when the gardenlet is using a dedicated seed kubeconfig DedicatedSeedKubeconfig = "configured in .SeedClientConnection.Kubeconfig" // InCluster is a constant for the target cluster name when the gardenlet is running in a Kubernetes cluster // and is using the mounted service account token of that cluster InCluster = "in cluster" )
const DefaultSeedName = "<ambiguous>"
DefaultSeedName is the default seed name in case the gardenlet config.SeedConfig is not set
const GardenerSeedBootstrapper = "gardener.cloud:system:seed-bootstrapper"
GardenerSeedBootstrapper is a constant for the gardener seed bootstrapper name.
Variables ¶
This section is empty.
Functions ¶
func BuildBootstrapperName ¶
BuildBootstrapperName concatenates the gardener seed bootstrapper group with the given name, separated by a colon.
func DigestedName ¶
func DigestedName(publicKey interface{}, subject *pkix.Name, usages []certificatesv1.KeyUsage) (string, error)
DigestedName is a digest that should include all the relevant pieces of the CSR we care about. We can't directly hash the serialized CSR because of random padding that we regenerate every loop and we include usages which are not contained in the CSR. This needs to be kept up to date as we add new fields to the node certificates and with ensureCompatible.
func GetKubeconfigFromSecret ¶
func GetKubeconfigFromSecret(ctx context.Context, seedClient client.Client, namespace, name string) ([]byte, error)
GetKubeconfigFromSecret tries to retrieve the kubeconfig bytes using the given client returns the kubeconfig or nil if it cannot be found
func GetSeedName ¶
func GetSeedName(seedConfig *config.SeedConfig) string
GetSeedName returns the seed name from the SeedConfig or the default Seed name
func GetTargetClusterName ¶
func GetTargetClusterName(config *config.SeedClientConnection) string
GetTargetClusterName returns the target cluster of the gardenlet based on the SeedClientConnection. This is either the cluster configured by .SeedClientConnection.Kubeconfig, or when running in Kubernetes, the local cluster it is deployed to (by using a mounted service account token)
func MarshalKubeconfigWithClientCertificate ¶
func MarshalKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)
MarshalKubeconfigWithClientCertificate marshals the kubeconfig derived from the bootstrapping process.
func MarshalKubeconfigWithToken ¶
MarshalKubeconfigWithToken marshals the kubeconfig derived with the given bootstrap token.
func UpdateGardenKubeconfigSecret ¶
func UpdateGardenKubeconfigSecret(ctx context.Context, certClientConfig *rest.Config, certData, privateKeyData []byte, seedClient client.Client, gardenClientConnection *config.GardenClientConnection) ([]byte, error)
UpdateGardenKubeconfigSecret updates the secret in the seed cluster that holds the kubeconfig of the Garden cluster.
Types ¶
This section is empty.