Documentation ¶
Overview ¶
Copyright 2024 Illumio, Inc. All Rights Reserved.
Index ¶
- func ExponentialStreamConnect(ctx context.Context, logger *zap.SugaredLogger, envMap EnvironmentConfig)
- func GetClusterID(ctx context.Context, logger *zap.SugaredLogger) (string, error)
- func IsRunningInCluster() bool
- func NewClientSet() (*kubernetes.Clientset, error)
- func NewStream(ctx context.Context, logger *zap.SugaredLogger, conn *grpc.ClientConn) (*streamManager, error)
- func ServerIsHealthy() bool
- func SetUpOAuthConnection(ctx context.Context, logger *zap.SugaredLogger, tokenURL string, ...) (*grpc.ClientConn, error)
- type CacheManager
- type Credentials
- type CredentialsManager
- type EnvironmentConfig
- type OnboardResponse
- type ResourceManager
- type SecretManager
- func (sm *SecretManager) DoesK8sSecretExist(ctx context.Context, secretName string) bool
- func (sm *SecretManager) GetOnboardingCredentials(ctx context.Context, clientID string, clientSecret string) (Credentials, error)
- func (sm *SecretManager) ReadCredentialsK8sSecrets(ctx context.Context, secretName string) (string, string, error)
- func (sm *SecretManager) WriteK8sSecret(ctx context.Context, keyData OnboardResponse, ClusterCreds string) error
Functions ¶
func ExponentialStreamConnect ¶
func ExponentialStreamConnect(ctx context.Context, logger *zap.SugaredLogger, envMap EnvironmentConfig)
ExponentialStreamConnect will continue to reboot and restart the main operations within the operator if any disconnects or errors occur.
func GetClusterID ¶
GetClusterID returns the uid of the k8s cluster's kube-system namespace, which is used as the cluster's globally unique ID.
func IsRunningInCluster ¶
func IsRunningInCluster() bool
IsRunningInCluster helps determine if the application is running inside a Kubernetes cluster.
func NewClientSet ¶
func NewClientSet() (*kubernetes.Clientset, error)
NewClientSet returns a new Kubernetes clientset based on the execution environment.
func NewStream ¶
func NewStream(ctx context.Context, logger *zap.SugaredLogger, conn *grpc.ClientConn) (*streamManager, error)
NewStream returns a new stream.
func ServerIsHealthy ¶
func ServerIsHealthy() bool
ServerIsHealthy checks if a deadlock has occurred within the threaded resource listing process.
func SetUpOAuthConnection ¶
func SetUpOAuthConnection(ctx context.Context, logger *zap.SugaredLogger, tokenURL string, TlsSkipVerify bool, clientID string, clientSecret string) (*grpc.ClientConn, error)
SetUpOAuthConnection establishes a gRPC connection using OAuth credentials and logs the process.
Types ¶
type CacheManager ¶
type CacheManager struct {
// contains filtered or unexported fields
}
CacheManager contains the cache that is used to store seen events.
type Credentials ¶
// Credentials is the client ID / client secret pair needed for onboarding.
type Credentials struct {
	// ClientID is serialized under the JSON key "client_id".
	ClientID string `json:"client_id"`
	// ClientSecret is serialized under the JSON key "client_secret".
	// Any marshalled or printed copy of this struct carries the secret in
	// clear text, so keep such output out of logs and error messages.
	ClientSecret string `json:"client_secret"`
}
Credentials contains attributes that are needed for onboarding.
type CredentialsManager ¶
// CredentialsManager holds a set of credentials together with a logger.
type CredentialsManager struct {
	// Credentials is the client ID / client secret pair held by the manager.
	// NOTE(review): presumably these are the onboarding credentials that
	// Onboard sends to the onboarding endpoint — confirm against the method body.
	Credentials Credentials
	// Logger sits next to the secret-bearing Credentials field; printing the
	// whole struct (for example with %+v) would expose ClientSecret, so log
	// individual non-secret fields only.
	Logger *zap.SugaredLogger
}
CredentialsManager holds credentials and a logger.
func (*CredentialsManager) Onboard ¶
func (am *CredentialsManager) Onboard(ctx context.Context, TlsSkipVerify bool, OnboardingEndpoint string) (OnboardResponse, error)
Onboard onboards this cluster with CloudSecure using the onboarding credentials and obtains OAuth 2 credentials for this cluster.
type EnvironmentConfig ¶
// EnvironmentConfig groups the operator's connection and onboarding settings.
// It is the configuration type accepted by ExponentialStreamConnect.
type EnvironmentConfig struct {
	// Whether to skip TLS certificate verification when starting a stream.
	// When true, the server's certificate is not checked, so the peer is not
	// authenticated and traffic on the connection can be intercepted or
	// altered by a machine-in-the-middle. Keep this false outside test setups.
	// NOTE(review): Onboard and SetUpOAuthConnection also take a TlsSkipVerify
	// argument; presumably it is fed from this field, in which case client
	// secrets would travel over the unverified connection — confirm.
	TlsSkipVerify bool
	// URL of the onboarding endpoint.
	OnboardingEndpoint string
	// URL of the token endpoint.
	TokenEndpoint string
	// Client ID for onboarding. "" if not specified, i.e. if the operator is not meant to onboard itself.
	OnboardingClientId string
	// Client secret for onboarding. "" if not specified, i.e. if the operator is not meant to onboard itself.
	// Sensitive value: do not log this field or a dump of the whole struct.
	OnboardingClientSecret string
	// K8s cluster secret name.
	ClusterCreds string
}
type OnboardResponse ¶
type ResourceManager ¶
type ResourceManager struct {
// contains filtered or unexported fields
}
ResourceManager encapsulates components for listing and managing Kubernetes resources.
func (*ResourceManager) DyanmicListAndWatchResources ¶
func (r *ResourceManager) DyanmicListAndWatchResources(ctx context.Context, cancel context.CancelFunc, resource string, allResourcesSnapshotted *sync.WaitGroup, snapshotCompleted *sync.WaitGroup)
DynamicListAndWatchResources lists and watches the specified resource dynamically, managing context cancellation and synchronization with wait groups.
func (*ResourceManager) DynamicListResources ¶
func (r *ResourceManager) DynamicListResources(ctx context.Context, resource string) (string, CacheManager, error)
DynamicListResources lists a specified resource dynamically and sends it down the current gRPC stream.
type SecretManager ¶
// SecretManager keeps a logger for its own methods.
type SecretManager struct {
	// Logger is the logger used by the SecretManager methods.
	// NOTE(review): those methods take and return client IDs and client
	// secrets (see their signatures); confirm that no secret value is ever
	// passed to this logger.
	Logger *zap.SugaredLogger
}
SecretManager keeps a logger for its own methods.
func (*SecretManager) DoesK8sSecretExist ¶
func (sm *SecretManager) DoesK8sSecretExist(ctx context.Context, secretName string) bool
func (*SecretManager) GetOnboardingCredentials ¶
func (sm *SecretManager) GetOnboardingCredentials(ctx context.Context, clientID string, clientSecret string) (Credentials, error)
GetOnboardingCredentials returns credentials to onboard this cluster with CloudSecure.
func (*SecretManager) ReadCredentialsK8sSecrets ¶
func (sm *SecretManager) ReadCredentialsK8sSecrets(ctx context.Context, secretName string) (string, string, error)
ReadCredentialsK8sSecrets takes a secretName and reads the file.
func (*SecretManager) WriteK8sSecret ¶
func (sm *SecretManager) WriteK8sSecret(ctx context.Context, keyData OnboardResponse, ClusterCreds string) error
WriteK8sSecret takes an OnboardResponse and writes it to a locally kept secret.