Documentation
¶
Overview ¶
Copyright 2024 Illumio, Inc. All Rights Reserved.
Index ¶
- func ExponentialStreamConnect(ctx context.Context, logger *zap.SugaredLogger, envMap EnvironmentConfig, ...)
- func GetClusterID(ctx context.Context, logger *zap.SugaredLogger) (string, error)
- func IsRunningInCluster() bool
- func NewClientSet() (*kubernetes.Clientset, error)
- func NewGRPClogger(grpcSyncer *BufferedGrpcWriteSyncer) *zap.SugaredLogger
- func NewStreams(ctx context.Context, logger *zap.SugaredLogger, conn *grpc.ClientConn) (*streamManager, error)
- func ServerIsHealthy() bool
- func SetUpOAuthConnection(ctx context.Context, logger *zap.SugaredLogger, tokenURL string, ...) (*grpc.ClientConn, error)
- type BufferedGrpcWriteSyncer
- type CacheManager
- type CiliumFlowCollector
- type ClientConnInterface
- type Credentials
- type CredentialsManager
- type EnvironmentConfig
- type OnboardResponse
- type ResourceManager
- type SecretManager
- func (sm *SecretManager) DoesK8sSecretExist(ctx context.Context, secretName string) bool
- func (sm *SecretManager) GetOnboardingCredentials(ctx context.Context, clientID string, clientSecret string) (Credentials, error)
- func (sm *SecretManager) ReadCredentialsK8sSecrets(ctx context.Context, secretName string) (string, string, error)
- func (sm *SecretManager) WriteK8sSecret(ctx context.Context, keyData OnboardResponse, ClusterCreds string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExponentialStreamConnect ¶
func ExponentialStreamConnect(ctx context.Context, logger *zap.SugaredLogger, envMap EnvironmentConfig, bufferedGrpcSyncer *BufferedGrpcWriteSyncer)
ExponentialStreamConnect will continue to reboot and restart the main operations within the operator if any disconnects or errors occur.
func GetClusterID ¶
GetClusterID returns the uid of the k8s cluster's kube-system namespace, which is used as the cluster's globally unique ID.
func IsRunningInCluster ¶
func IsRunningInCluster() bool
IsRunningInCluster helps determine if the application is running inside a Kubernetes cluster.
func NewClientSet ¶
func NewClientSet() (*kubernetes.Clientset, error)
NewClientSet returns a new Kubernetes clientset based on the execution environment.
func NewGRPClogger ¶ added in v0.0.2
func NewGRPClogger(grpcSyncer *BufferedGrpcWriteSyncer) *zap.SugaredLogger
NewGRPClogger will define a new zap logger with multiple writesyncs one to stdout and one for GRPC writestream
func NewStreams ¶ added in v0.0.2
func NewStreams(ctx context.Context, logger *zap.SugaredLogger, conn *grpc.ClientConn) (*streamManager, error)
NewStream returns a new stream.
func ServerIsHealthy ¶
func ServerIsHealthy() bool
ServerIsHealthy checks if a deadlock has occured within the threaded resource listing process.
func SetUpOAuthConnection ¶
func SetUpOAuthConnection(ctx context.Context, logger *zap.SugaredLogger, tokenURL string, TlsSkipVerify bool, clientID string, clientSecret string) (*grpc.ClientConn, error)
SetUpOAuthConnection establishes a gRPC connection using OAuth credentials and logging the process.
Types ¶
type BufferedGrpcWriteSyncer ¶ added in v0.0.2
type BufferedGrpcWriteSyncer struct {
// contains filtered or unexported fields
}
BufferedGrpcWriteSyncer is a custom zap writesync that writes to a grpc stream In case stream is not connected it will buffer to memory
func NewBufferedGrpcWriteSyncer ¶ added in v0.0.2
func NewBufferedGrpcWriteSyncer() *BufferedGrpcWriteSyncer
NewBufferedGrpcWriteSyncer returns a new BufferedGrpcWriteSyncer
func (*BufferedGrpcWriteSyncer) Close ¶ added in v0.0.2
func (b *BufferedGrpcWriteSyncer) Close() error
Close flushes buffered log data into grpc stream if possible, and closes the connection.
func (*BufferedGrpcWriteSyncer) ListenToLogStream ¶ added in v0.0.2
func (b *BufferedGrpcWriteSyncer) ListenToLogStream()
ListenToLogStream will wait for responses from server and will update log level depending respone contents
func (*BufferedGrpcWriteSyncer) UpdateClient ¶ added in v0.0.2
func (b *BufferedGrpcWriteSyncer) UpdateClient(client pb.KubernetesInfoService_SendLogsClient, conn ClientConnInterface)
UpdateClient will update BufferedGrpcWriteSyncer with new client stream and GRPC connection
type CacheManager ¶
type CacheManager struct {
// contains filtered or unexported fields
}
CacheManager contains the cache that is used to store seen events.
type CiliumFlowCollector ¶ added in v0.0.5
type CiliumFlowCollector struct {
// contains filtered or unexported fields
}
CiliumFlowCollector collects flows from Cilium Hubble Relay running in this cluster.
type ClientConnInterface ¶ added in v0.0.2
type ClientConnInterface interface {
GetState() connectivity.State
Close() error
}
type Credentials ¶
type Credentials struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
}
Credentials contains attributes that are needed for onboarding.
type CredentialsManager ¶
type CredentialsManager struct {
Credentials Credentials
Logger *zap.SugaredLogger
}
CredentialsManager holds credentials and a logger.
func (*CredentialsManager) Onboard ¶
func (am *CredentialsManager) Onboard(ctx context.Context, TlsSkipVerify bool, OnboardingEndpoint string) (OnboardResponse, error)
Onboard onboards this cluster with CloudSecure using the onboarding credentials and obtains OAuth 2 credentials for this cluster.
type EnvironmentConfig ¶
type EnvironmentConfig struct {
// Namspace of Cilium.
CiliumNamespace string
// K8s cluster secret name.
ClusterCreds string
// Client ID for onboarding. "" if not specified, i.e. if the operator is not meant to onboard itself.
OnboardingClientId string
// Client secret for onboarding. "" if not specified, i.e. if the operator is not meant to onboard itself.
OnboardingClientSecret string
// URL of the onboarding endpoint.
OnboardingEndpoint string
// URL of the token endpoint.
TokenEndpoint string
// Whether to skip TLS certificate verification when starting a stream.
TlsSkipVerify bool
}
type OnboardResponse ¶
type ResourceManager ¶
type ResourceManager struct {
// contains filtered or unexported fields
}
ResourceManager encapsulates components for listing and managing Kubernetes resources.
func (*ResourceManager) DyanmicListAndWatchResources ¶
func (r *ResourceManager) DyanmicListAndWatchResources(ctx context.Context, cancel context.CancelFunc, resource string, apiGroup string, allResourcesSnapshotted *sync.WaitGroup, snapshotCompleted *sync.WaitGroup)
DynamicListAndWatchResources lists and watches the specified resource dynamically, managing context cancellation and synchronization with wait groups.
func (*ResourceManager) DynamicListResources ¶
func (r *ResourceManager) DynamicListResources(ctx context.Context, resource string, apiGroup string) (string, CacheManager, error)
DynamicListResources lists a specifed resource dynamically and sends down the current gRPC stream.
type SecretManager ¶
type SecretManager struct {
Logger *zap.SugaredLogger
}
SecretManager keeps a logger for its own methods.
func (*SecretManager) DoesK8sSecretExist ¶
func (sm *SecretManager) DoesK8sSecretExist(ctx context.Context, secretName string) bool
func (*SecretManager) GetOnboardingCredentials ¶
func (sm *SecretManager) GetOnboardingCredentials(ctx context.Context, clientID string, clientSecret string) (Credentials, error)
GetOnboardingCredentials returns credentials to onboard this cluster with CloudSecure.
func (*SecretManager) ReadCredentialsK8sSecrets ¶
func (sm *SecretManager) ReadCredentialsK8sSecrets(ctx context.Context, secretName string) (string, string, error)
ReadK8sSecret takes a secretName and reads the file.
func (*SecretManager) WriteK8sSecret ¶
func (sm *SecretManager) WriteK8sSecret(ctx context.Context, keyData OnboardResponse, ClusterCreds string) error
WriteK8sSecret takes an OnboardResponse and writes it to a locally kept secret.
Source Files
Directories