Documentation
Constants
const (
	// Name is a constant for the cloud-config-downloader.
	Name = "cloud-config-downloader"
	// UnitName is the name of the cloud-config-downloader service.
	UnitName = Name + ".service"
	// SecretName is a constant for the secret name for the cloud-config-downloader's kubeconfig secret.
	SecretName = Name
	// UnitRestartSeconds is the number of seconds after which the cloud-config-downloader unit will be restarted.
	UnitRestartSeconds = 30

	// DataKeyScript is the key whose value is the to-be-executed cloud-config user-data script inside a data map of a
	// Kubernetes secret object.
	DataKeyScript = "script"
	// AnnotationKeyChecksum is the key of an annotation on a Secret object whose value is the checksum of the cloud
	// config user data stored in the data map of this Secret.
	AnnotationKeyChecksum = "checksum/data-script"

	// PathCCDDirectory is a constant for the path of the cloud-config-downloader unit.
	PathCCDDirectory = "/var/lib/" + Name
	// PathCredentialsDirectory is a constant for the path of the cloud-config-downloader credentials used to download
	// the cloud-config user-data.
	PathCredentialsDirectory = PathCCDDirectory + "/credentials"
	// PathDownloadsDirectory is a constant for the path of the cloud-config-downloader directory used for storing the
	// downloaded content.
	PathDownloadsDirectory = PathCCDDirectory + "/downloads"
	// PathCCDScript is a constant for the path of the script containing the instructions to download the cloud-config
	// user-data.
	PathCCDScript = PathCCDDirectory + "/download-cloud-config.sh"
	// PathCCDScriptChecksum is a constant for the path of the file containing the md5 hash of PathCCDScript.
	PathCCDScriptChecksum = PathCCDDirectory + "/download-cloud-config.md5"
	// PathCredentialsServer is a constant for a path containing the 'server' part for the download.
	PathCredentialsServer = PathCredentialsDirectory + "/server"
	// PathCredentialsCACert is a constant for a path containing the 'CA certificate' credentials part for the download.
	PathCredentialsCACert = PathCredentialsDirectory + "/ca.crt"
	// PathCredentialsClientCert is a constant for a path containing the 'client certificate' credentials part for the
	// download.
	PathCredentialsClientCert = PathCredentialsDirectory + "/client.crt"
	// PathCredentialsClientKey is a constant for a path containing the 'client private key' credentials part for the
	// download.
	PathCredentialsClientKey = PathCredentialsDirectory + "/client.key"
	// PathBootstrapToken is the path of a file on the shoot worker nodes in which the bootstrap token for the kubelet
	// bootstrap is stored.
	PathBootstrapToken = PathCredentialsDirectory + "/bootstrap-token"
	// BootstrapTokenPlaceholder is the token that is expected to be replaced by the worker controller with the actual token.
	BootstrapTokenPlaceholder = "<<BOOTSTRAP_TOKEN>>"
	// PathDownloadedCloudConfig is the path on the shoot worker nodes at which the downloaded cloud-config user-data
	// will be stored.
	PathDownloadedCloudConfig = PathDownloadsDirectory + "/cloud_config"
	// PathDownloadedCloudConfigChecksum is the path on the shoot worker nodes at which the checksum of the downloaded
	// cloud-config user-data will be stored.
	PathDownloadedCloudConfigChecksum = PathCCDDirectory + "/downloaded_checksum"
)
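An added example, not part of this package: a node-side audit of the secret-bearing credential files named in the constants above. `AuditCredentials` is a hypothetical helper; the owner-only permission policy, and the idea that a token which was never substituted leaves `<<BOOTSTRAP_TOKEN>>` in the file on disk, are assumptions rather than statements from this documentation.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Directory, file names and placeholder are copied from the constants documented above.
const (
	credentialsDir            = "/var/lib/cloud-config-downloader/credentials"
	bootstrapTokenPlaceholder = "<<BOOTSTRAP_TOKEN>>"
)
var secretFiles = []string{"client.key", "bootstrap-token"} // files holding secret material

// AuditCredentials is a hypothetical helper, not part of the package.
// Assumed policy: secret files are regular files with no group/other access.
func AuditCredentials(dir string) []string {
	var findings []string
	for _, name := range secretFiles {
		p := filepath.Join(dir, name)
		info, err := os.Lstat(p) // Lstat so a symlink is reported, not followed
		if os.IsNotExist(err) {
			continue // a missing file is not reported by this check
		} else if err != nil {
			findings = append(findings, fmt.Sprintf("%s: %v", name, err))
			continue
		}
		if !info.Mode().IsRegular() {
			findings = append(findings, name+": not a regular file")
			continue
		}
		if perm := info.Mode().Perm(); perm&0o077 != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o is group/world accessible", name, uint32(perm)))
		}
		// Assumption: a token that was never substituted leaves the placeholder on disk.
		data, err := os.ReadFile(p)
		if err == nil && strings.Contains(string(data), bootstrapTokenPlaceholder) {
			findings = append(findings, name+": placeholder was never replaced")
		}
	}
	return findings
}

func main() {
	for _, f := range AuditCredentials(credentialsDir) {
		fmt.Println("FINDING:", f)
	}
}
```

The helper takes the directory as a parameter so it can be pointed at a mounted disk image or a test fixture instead of the live path.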
Variables
This section is empty.
Functions
func Config
func Config(cloudConfigUserDataSecretName, apiServerURL string) ([]extensionsv1alpha1.Unit, []extensionsv1alpha1.File, error)
Config returns the units and the files for the OperatingSystemConfig that downloads the actual cloud-config user data.

### !CAUTION! ###
Most cloud providers have a limit of 16 KB regarding the user-data that may be sent during VM creation. The result of this operating system config is exactly the user-data that will be sent to the providers. We must not exceed the 16 KB, so be careful when extending/changing anything in here.
### !CAUTION! ###

func GenerateRBACResourcesData
GenerateRBACResourcesData returns a map of serialized Kubernetes resources that allow the cloud-config-downloader to access the list of given secrets. Additionally, serialized resources providing permissions to allow initiating the Kubernetes TLS bootstrapping process will be returned.
Types
This section is empty.