Documentation
Index
- Constants
- Variables
- func IsInvalidConfig(err error) bool
- func IsSecretsRetrievalFailed(err error) bool
- func ValidComponent(el ClusterComponent, components []ClusterComponent) bool
- type AssetsBundle
- type AssetsBundleKey
- type ClusterComponent
- type CompactTLSAssets
- type Searcher
- type Service
- type ServiceConfig
- type TLSAssetType
Constants
const (
	// ComponentLabel is the label used in the secret to identify a cluster
	// component.
	ComponentLabel string = "clusterComponent"
	// ClusterIDLabel is the label used in the secret to identify a cluster.
	ClusterIDLabel string = "clusterID"
)
These constants are used when filtering the secrets, to only retrieve the ones we are interested in.
const (
	// WatchTimeOut is the time to wait on watches against the Kubernetes API
	// before giving up and throwing an error.
	WatchTimeOut = 90 * time.Second
)
Variables
var ClusterComponents = []ClusterComponent{
	APIComponent,
	CalicoComponent,
	EtcdComponent,
	ServiceAccountComponent,
	WorkerComponent,
}
ClusterComponents is a slice enumerating all the components that make up the cluster.
TODO add FlanneldComponent as soon as all guest clusters have Flanneld certificates.
var ClusterOperatorComponents = []ClusterComponent{
	ClusterOperatorAPIComponent,
}
ClusterOperatorComponents is a slice enumerating all the components that are used by cluster-operator.
var DrainingComponents = []ClusterComponent{
	NodeOperatorComponent,
}
var MonitoringComponents = []ClusterComponent{
	PrometheusComponent,
	KubeStateMetricsComponent,
}
MonitoringComponents is a slice enumerating all the components that make up monitoring.
var TLSAssetTypes = []TLSAssetType{CA, Crt, Key}
TLSAssetTypes is a slice enumerating all the TLS assets we need to boot the cluster.
Functions
func IsInvalidConfig
IsInvalidConfig asserts invalidConfigError.
func IsSecretsRetrievalFailed
IsSecretsRetrievalFailed asserts secretsRetrievalFailedError.
func ValidComponent
func ValidComponent(el ClusterComponent, components []ClusterComponent) bool
ValidComponent looks for el among the components.
Types
type AssetsBundle
type AssetsBundle map[AssetsBundleKey][]byte
AssetsBundle is a structure that contains all the assets for all the components.
type AssetsBundleKey
type AssetsBundleKey struct {
	Component ClusterComponent
	Type      TLSAssetType
}
AssetsBundleKey is a struct key for an AssetsBundle, cf. https://blog.golang.org/go-maps-in-action
type ClusterComponent
type ClusterComponent string
ClusterComponent represents the individual component of a k8s cluster, e.g. the API server, or etcd. These are used when getting a secret from the k8s API, to identify the component the secret belongs to.
const (
	// APIComponent is the API server component.
	APIComponent ClusterComponent = "api"
	// CalicoComponent is the calico component.
	CalicoComponent ClusterComponent = "calico"
	// ClusterOperatorAPIComponent is the cluster-operator api component.
	ClusterOperatorAPIComponent ClusterComponent = "cluster-operator-api"
	// EtcdComponent is the etcd cluster component.
	EtcdComponent ClusterComponent = "etcd"
	// FlanneldComponent is the flanneld cluster component.
	FlanneldComponent ClusterComponent = "flanneld"
	// KubeStateMetricsComponent is the kube-state-metrics component.
	KubeStateMetricsComponent ClusterComponent = "kube-state-metrics"
	// NodeOperatorComponent is the node-operator component.
	NodeOperatorComponent ClusterComponent = "node-operator"
	// PrometheusComponent is the prometheus component.
	PrometheusComponent ClusterComponent = "prometheus"
	// ServiceAccountComponent is the service-account component.
	ServiceAccountComponent ClusterComponent = "service-account"
	// WorkerComponent is a worker component.
	WorkerComponent ClusterComponent = "worker"
)
These constants are used to match different components of the cluster when parsing a secret received from the API.
func (ClusterComponent) String
func (c ClusterComponent) String() string
type CompactTLSAssets
type CompactTLSAssets struct {
	APIServerCA  string
	APIServerKey string
	APIServerCrt string

	WorkerCA  string
	WorkerKey string
	WorkerCrt string

	ServiceAccountCA  string
	ServiceAccountKey string
	ServiceAccountCrt string

	CalicoClientCA  string
	CalicoClientKey string
	CalicoClientCrt string

	EtcdServerCA  string
	EtcdServerKey string
	EtcdServerCrt string
}
CompactTLSAssets is a struct used by operators to store stringified TLS assets.
type Searcher
type Searcher interface {
	SearchCerts(clusterID string) (AssetsBundle, error)
}
type Service
type Service struct {
	// contains filtered or unexported fields
}
Service implements the certificate TPR service.
func NewService
func NewService(config ServiceConfig) (*Service, error)
NewService creates a new configured certificate TPR service.
func (*Service) SearchCerts
func (s *Service) SearchCerts(clusterID string) (AssetsBundle, error)
SearchCerts watches for all secrets of a cluster and returns them as an assets bundle.
func (*Service) SearchCertsForComponent
func (s *Service) SearchCertsForComponent(clusterID, componentName string) (AssetsBundle, error)
SearchCertsForComponent watches for secrets of a single cluster component and returns them as an assets bundle.
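A completeness check for the AssetsBundle that SearchCerts returns, as an added example that is not part of the package. The types are re-declared locally so it runs without the import; CheckBundle, fakePEM, pemKind and the PEM block kinds expected per asset type are assumptions of the example, and the sample data is constructed.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

type ClusterComponent string // local mirror of the documented type, as are the three below
type TLSAssetType string
type AssetsBundleKey struct {
	Component ClusterComponent
	Type      TLSAssetType
}
type AssetsBundle map[AssetsBundleKey][]byte

// pemKind is this example's assumption about encoding: certificates in ca/crt, a private key in key.
var pemKind = map[TLSAssetType]string{"ca": "CERTIFICATE", "crt": "CERTIFICATE", "key": "PRIVATE KEY"}

// CheckBundle lists each slot that is missing, not PEM, or holds the wrong block kind; it never prints asset bytes.
func CheckBundle(b AssetsBundle, comps []ClusterComponent, types []TLSAssetType) []string {
	var problems []string
	for _, c := range comps {
		for _, t := range types {
			data := b[AssetsBundleKey{Component: c, Type: t}]
			block, _ := pem.Decode(data)
			switch {
			case len(data) == 0:
				problems = append(problems, fmt.Sprintf("%s/%s: missing", c, t))
			case block == nil:
				problems = append(problems, fmt.Sprintf("%s/%s: not PEM", c, t))
			case !strings.HasSuffix(block.Type, pemKind[t]):
				problems = append(problems, fmt.Sprintf("%s/%s: holds %q", c, t, block.Type))
			}
		}
	}
	return problems
}

// fakePEM wraps placeholder bytes in a PEM block: constructed sample data, no real key material.
func fakePEM(kind string) []byte { return pem.EncodeToMemory(&pem.Block{Type: kind, Bytes: []byte("constructed")}) }

func main() {
	b := AssetsBundle{
		{Component: "api", Type: "ca"}:  fakePEM("CERTIFICATE"),
		{Component: "api", Type: "crt"}: fakePEM("RSA PRIVATE KEY"), // key stored in the crt slot
		{Component: "api", Type: "key"}: []byte("plain text"),       // not PEM at all
	}
	fmt.Println(strings.Join(CheckBundle(b, []ClusterComponent{"api", "etcd"}, []TLSAssetType{"ca", "crt", "key"}), "\n"))
}
```

Run over ClusterComponents and TLSAssetTypes, the same check reports a swapped or truncated secret by slot name only, so the result is safe to log.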
type ServiceConfig
type ServiceConfig struct {
	// Dependencies.
	K8sClient kubernetes.Interface
	Logger    micrologger.Logger
}
ServiceConfig represents the configuration used to create a certificate TPR service.
func DefaultServiceConfig
func DefaultServiceConfig() ServiceConfig
DefaultServiceConfig provides a default configuration to create a new certificate TPR service by best effort.
type TLSAssetType
type TLSAssetType string
TLSAssetType represents the type of TLS asset, e.g. a CA certificate, or a certificate key. These are used when getting a secret from the k8s API, to identify the specific type of TLS asset that is contained in the secret.
const (
	// CA is the key for the CA certificate.
	CA TLSAssetType = "ca"
	// Crt is the key for the certificate.
	Crt TLSAssetType = "crt"
	// Key is the key for the key.
	Key TLSAssetType = "key"
)
These constants are used to match each asset in the secret.
func (TLSAssetType) String
func (t TLSAssetType) String() string