util

package
v1.40.0
Warning

This package is not in the latest version of its module.
Published: Feb 8, 2022 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 25 Imported by: 0

Documentation

Constants

const (
	// DedicatedSeedKubeconfig is a constant for the target cluster name when the gardenlet is using a dedicated seed kubeconfig
	DedicatedSeedKubeconfig = "configured in .SeedClientConnection.Kubeconfig"
	// InCluster is a constant for the target cluster name when the gardenlet is running in a Kubernetes cluster
	// and is using the mounted service account token of that cluster
	InCluster = "in cluster"
)
const (
	// KindSeed is a constant for the "seed" kind.
	KindSeed = "seed"
	// KindManagedSeed is a constant for the "managed seed" kind.
	KindManagedSeed = "managed seed"
	// ServiceAccountNamePrefix is the prefix used for service account names.
	ServiceAccountNamePrefix = "gardenlet-bootstrap-"
	// ClusterRoleBindingNamePrefix is the prefix used for cluster role binding names.
	ClusterRoleBindingNamePrefix = GardenerSeedBootstrapper + ":"
	// GardenerSeedBootstrapper is a constant for the gardener seed bootstrapper name.
	GardenerSeedBootstrapper = "gardener.cloud:system:seed-bootstrapper"
)

Variables

This section is empty.

Functions

func ClusterRoleBindingName added in v1.25.0

func ClusterRoleBindingName(namespace, name string) string

ClusterRoleBindingName concatenates the gardener seed bootstrapper group with the given name, separated by a colon.

func ComputeGardenletKubeconfigWithBootstrapToken added in v1.20.0

func ComputeGardenletKubeconfigWithBootstrapToken(ctx context.Context, gardenClient client.Client, gardenClientRestConfig *rest.Config, tokenID, description string, validity time.Duration) ([]byte, error)

ComputeGardenletKubeconfigWithBootstrapToken creates a kubeconfig containing a valid bootstrap token as client credentials. It creates the required bootstrap token secret in the Garden cluster and puts it into a kubeconfig tailored to the Gardenlet.

func ComputeGardenletKubeconfigWithServiceAccountToken added in v1.20.0

func ComputeGardenletKubeconfigWithServiceAccountToken(ctx context.Context, gardenClient client.Client, gardenClientRestConfig *rest.Config, serviceAccountName, serviceAccountNamespace string) ([]byte, error)

ComputeGardenletKubeconfigWithServiceAccountToken creates a kubeconfig containing the token of a service account. It creates the required service account in the Garden cluster and puts the associated token into a kubeconfig tailored to the Gardenlet.

func CreateGardenletKubeconfigWithClientCertificate added in v1.20.0

func CreateGardenletKubeconfigWithClientCertificate(config *rest.Config, privateKeyData, certDat []byte) ([]byte, error)

CreateGardenletKubeconfigWithClientCertificate creates a kubeconfig for the Gardenlet with the given client certificate.

func CreateGardenletKubeconfigWithToken added in v1.20.0

func CreateGardenletKubeconfigWithToken(config *rest.Config, token string) ([]byte, error)

CreateGardenletKubeconfigWithToken creates a kubeconfig for the Gardenlet with the given bootstrap token.

func Description added in v1.25.0

func Description(kind, namespace, name string) string

Description returns a description for a bootstrap token with the given kind/namespace/name information.

func DigestedName

func DigestedName(publicKey interface{}, subject *pkix.Name, usages []certificatesv1.KeyUsage) (string, error)

DigestedName is a digest that should include all the relevant pieces of the CSR we care about. We can't directly hash the serialized CSR because of random padding that we regenerate every loop and we include usages which are not contained in the CSR. This needs to be kept up to date as we add new fields to the node certificates and with ensureCompatible.
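The reasoning above, as an added example that is not Gardener's implementation of DigestedName: two CSRs signed for the same key and subject differ byte for byte, while a digest over public key, subject and usages repeats and changes when the usages change. The names `stableDigest` and `compare`, the SHA-512/256 hash, the field encoding, the plain-string usages standing in for `certificatesv1.KeyUsage`, and the sample subject are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
)

// stableDigest (hypothetical name) hashes what defines the request, never the signed CSR.
func stableDigest(pub interface{}, subject *pkix.Name, usages []string) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	h := sha512.New512_256()
	// Tag and length-prefix each field so adjacent values cannot run together.
	put := func(tag string, v []byte) { fmt.Fprintf(h, "%s=%d:%s;", tag, len(v), v) }
	put("key", der)
	put("subject", []byte(subject.String()))
	fmt.Fprintf(h, "usages=%q;", usages) // %q quotes each usage, keeping list boundaries
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil)), nil
}

// compare reports: CSR bytes differ between signings, digest repeats, usages change it.
func compare() (csrsDiffer, digestStable, usagesMatter bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	subject := &pkix.Name{CommonName: "example-seed"} // constructed sample subject
	var csr [2][]byte
	for i := range csr {
		if csr[i], err = x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: *subject}, key); err != nil {
			return
		}
	}
	client, server := []string{"digital signature", "client auth"}, []string{"digital signature", "server auth"}
	d1, _ := stableDigest(key.Public(), subject, client) // cannot fail for an ECDSA key
	d2, _ := stableDigest(key.Public(), subject, client)
	d3, _ := stableDigest(key.Public(), subject, server)
	return !bytes.Equal(csr[0], csr[1]), d1 == d2, d1 != d3, nil
}

func main() { fmt.Println(compare()) }
```

The ECDSA signature carries fresh randomness on every signing, which is why the serialized CSR cannot serve as a stable identifier here.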

func GetKubeconfigFromSecret

func GetKubeconfigFromSecret(ctx context.Context, seedClient client.Client, namespace, name string) ([]byte, error)

GetKubeconfigFromSecret tries to retrieve the kubeconfig bytes using the given client. It returns the kubeconfig, or nil if it cannot be found.

func GetSeedName

func GetSeedName(seedConfig *config.SeedConfig) string

GetSeedName returns the seed name from the SeedConfig or the default Seed name.

func GetTargetClusterName

func GetTargetClusterName(config *config.SeedClientConnection) string

GetTargetClusterName returns the target cluster of the gardenlet based on the SeedClientConnection. This is either the cluster configured by .SeedClientConnection.Kubeconfig or, when running in Kubernetes, the local cluster it is deployed to (by using a mounted service account token).

func MetadataFromClusterRoleBindingName added in v1.25.0

func MetadataFromClusterRoleBindingName(clusterRoleBindingName string) (namespace, name string)

MetadataFromClusterRoleBindingName returns the namespace and name for a given cluster role binding name.

func MetadataFromDescription added in v1.25.0

func MetadataFromDescription(description, kind string) (namespace, name string)

MetadataFromDescription returns the namespace and name for a given description with a specific kind.

func ServiceAccountName added in v1.25.0

func ServiceAccountName(name string) string

ServiceAccountName returns the name of a `ServiceAccount` for bootstrapping based on the given metadata.

func TokenID added in v1.25.0

func TokenID(meta metav1.ObjectMeta) string

TokenID returns the token id based on the given metadata.

func UpdateGardenKubeconfigSecret

func UpdateGardenKubeconfigSecret(ctx context.Context, certClientConfig *rest.Config, certData, privateKeyData []byte, seedClient client.Client, gardenClientConnection *config.GardenClientConnection) ([]byte, error)

UpdateGardenKubeconfigSecret updates the secret in the seed cluster that holds the kubeconfig of the Garden cluster.

Types

This section is empty.