Documentation ¶
Overview ¶
Package kubernetes implements the Kubernetes Secret backend used for persisting identity and state for agents running in Kubernetes clusters.
Index ¶
- func InKubeCluster() bool
- type Backend
- func (b *Backend) Create(ctx context.Context, i backend.Item) (*backend.Lease, error)
- func (b *Backend) Exists(ctx context.Context) bool
- func (b *Backend) Get(ctx context.Context, key []byte) (*backend.Item, error)
- func (b *Backend) Put(ctx context.Context, i backend.Item) (*backend.Lease, error)
- func (b *Backend) PutRange(ctx context.Context, items []backend.Item) error
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func InKubeCluster ¶
func InKubeCluster() bool
InKubeCluster determines if the agent is running inside a Kubernetes cluster and has access to the service account token and cluster CA. It also validates the presence of the `KUBE_NAMESPACE` and `TELEPORT_REPLICA_NAME` environment variables, which are used to generate the secret name.
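The prerequisites described above can be checked with the standard library alone, which helps when diagnosing why an agent is not using the Secret backend. This is an added example, not the package's own code: the helper names are hypothetical, and the mount path is the Kubernetes default for service account credentials, assumed here.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Assumption: default mount point of the pod's service account credentials.
const serviceAccountDir = "/var/run/secrets/kubernetes.io/serviceaccount"

// Environment variables the documentation says are needed for the secret name.
var requiredEnv = []string{"KUBE_NAMESPACE", "TELEPORT_REPLICA_NAME"}

// missingPrereqs (hypothetical helper) lists every absent prerequisite so the
// caller can log exactly what is missing instead of a bare true/false.
func missingPrereqs(saDir string, getenv func(string) string) []string {
	var missing []string
	for _, name := range []string{"token", "ca.crt"} {
		// os.Stat follows symlinks, which is how kubelet projects these files.
		fi, err := os.Stat(filepath.Join(saDir, name))
		if err != nil || fi.IsDir() || fi.Size() == 0 {
			missing = append(missing, "file:"+name)
		}
	}
	for _, key := range requiredEnv {
		if getenv(key) == "" {
			missing = append(missing, "env:"+key)
		}
	}
	return missing
}

// inKubeCluster (hypothetical) mirrors the documented boolean result.
func inKubeCluster(saDir string, getenv func(string) string) bool {
	return len(missingPrereqs(saDir, getenv)) == 0
}

func main() {
	if m := missingPrereqs(serviceAccountDir, os.Getenv); len(m) > 0 {
		fmt.Println("Kubernetes Secret backend unavailable, missing:", m)
		return
	}
	fmt.Println("in-cluster prerequisites present; Secret backend can be used")
}
```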
Types ¶
type Backend ¶
type Backend struct {
	Config
	// contains filtered or unexported fields
}
Backend uses Kubernetes Secrets to store identities.
func NewWithClient ¶
func NewWithClient(restClient kubernetes.Interface) (*Backend, error)
NewWithClient returns a new instance of Kubernetes Secret identity backend storage with the provided client.
func NewWithConfig ¶
NewWithConfig returns a new instance of Kubernetes Secret identity backend storage with the provided config.
func (*Backend) Exists ¶
Exists checks if the secret already exists in Kubernetes. It is used to detect the case where the agent has never created a secret and may be upgrading from a local SQLite database. In that case, the agent reads the local database and creates a copy of the keys in the Kube Secret.
func (*Backend) Get ¶
Get reads the secret and extracts the key from it. If the secret does not exist or the key is not found, it returns trace.NotFound; otherwise it returns the underlying error.
func (*Backend) Put ¶
Put puts a value into the backend (creates it if it does not exist, updates it otherwise).
func (*Backend) PutRange ¶
PutRange receives multiple items and upserts them into the Kubernetes Secret. This function is only used when the Agent's Secret does not exist but the local SQLite database has identity credentials. TODO(tigrato): remove this once the compatibility layer between local storage and Kube secret storage is no longer required!
type Config ¶
type Config struct {
	// Namespace is the Agent's namespace
	// Field is required
	Namespace string

	// SecretName is unique secret per agent where state and identity will be stored.
	// Field is required
	SecretName string

	// ReplicaName is the Agent's pod name
	// Field is required
	ReplicaName string

	// ReleaseName is the HELM release name
	// Field is optional
	ReleaseName string

	// KubeClient is the Kubernetes rest client
	// Field is required
	KubeClient kubernetes.Interface
}
Config structure represents the configuration section.