Documentation ¶
Index ¶
- Constants
- Variables
- func GetEgressSelectorDial(networkContext egressselector.NetworkContext, egressSelectorConfig string) (utilnet.DialFunc, error)
- func IgnoreErrConfigNotFound(err error) error
- func LoadDefaultConfig(context string) (*rest.Config, error)
- func LoadDefaultNamespace() string
- func SetupControllerWithManager(mgr ctrl.Manager, c Controller) error
- func WithNamePrefix(prefix string) func(*BindFlagOptions)
- func WithNameSuffix(suffix string) func(*BindFlagOptions)
- type BindFlagOptions
- type Context
- type Controller
- type ControllerOptions
- type EgressSelectionName
- type EgressSelectorConfig
- type FileLoader
- type FileStore
- type GetConfigOption
- type GetConfigOptions
- type Getter
- type GetterOptions
- type Loader
- type MemoryStore
- type NewControllerFunc
- type NewRESTConfigRotatorFunc
- type SecretLoader
- type SecretLoaderOption
- type SecretLoaderOptions
- type SecretStore
- type SecretStoreOption
- type SecretStoreOptions
- type Store
- type WithField
- type WithFieldOwner
- type WithOverrides
- type WithRotate
Constants ¶
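// Names of the command-line flags defined by this package.
//
// The declarations are laid out one per line: collapsed onto a single line,
// the first "//" comment would swallow every constant that follows it.
const (
	// KubeconfigFlagName is the name of the kubeconfig flag.
	KubeconfigFlagName = "kubeconfig"
	// KubeconfigSecretNameFlagName is the name of the kubeconfig-secret-name flag.
	KubeconfigSecretNameFlagName = "kubeconfig-secret-name"
	// KubeconfigSecretNamespaceFlagName is the name of the kubeconfig-secret-namespace flag.
	KubeconfigSecretNamespaceFlagName = "kubeconfig-secret-namespace"
	// BootstrapKubeconfigFlagName is the name of the bootstrap-kubeconfig flag.
	BootstrapKubeconfigFlagName = "bootstrap-kubeconfig"
	// RotateCertificatesFlagName is the name of the rotate-certificates flag.
	RotateCertificatesFlagName = "rotate-certificates"
	// EgressSelectorConfigFlagName is the name of the egress-selector-config flag.
	EgressSelectorConfigFlagName = "egress-selector-config"
)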
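// Defaults for reading and writing a kubeconfig held in a secret.
const (
	// DefaultSecretKubeconfigField is the secret field the kubeconfig is taken
	// from when GetConfigOptions.KubeconfigSecretField is unset.
	DefaultSecretKubeconfigField = "kubeconfig"
	// DefaultSecretConfigReadWriterFieldOwner is a client.FieldOwner value.
	// Presumably it is the default for SecretStoreOptions.FieldOwner when the
	// config secret is written; TODO confirm against the store implementation.
	DefaultSecretConfigReadWriterFieldOwner = client.FieldOwner("ironcore.dev/config-read-writer")
)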
Variables ¶
// ErrConfigNotFound is the sentinel error carrying the message "config not found".
// Which calls return it is not visible here; presumably a Store or Loader that
// has no config yet (confirm). Match it with errors.Is rather than by message.
var ErrConfigNotFound = errors.New("config not found")
var RotateCertificates = WithRotate(true)
RotateCertificates enables certificate rotation.
Functions ¶
func GetEgressSelectorDial ¶
func GetEgressSelectorDial(networkContext egressselector.NetworkContext, egressSelectorConfig string) (utilnet.DialFunc, error)
func IgnoreErrConfigNotFound ¶
func LoadDefaultNamespace ¶
func LoadDefaultNamespace() string
func SetupControllerWithManager ¶
func SetupControllerWithManager(mgr ctrl.Manager, c Controller) error
func WithNamePrefix ¶
func WithNamePrefix(prefix string) func(*BindFlagOptions)
WithNamePrefix adds a flag name prefix to all flags.
func WithNameSuffix ¶
func WithNameSuffix(suffix string) func(*BindFlagOptions)
WithNameSuffix adds a flag name suffix to all flags.
Types ¶
type BindFlagOptions ¶
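// BindFlagOptions are options for GetConfigOptions.BindFlags.
//
// The field is declared on its own line: on a single line the "//" comment
// would hide both the field and the closing brace.
type BindFlagOptions struct {
	// NameFunc can modify the flag names if non-nil.
	NameFunc func(string) string
}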
BindFlagOptions are options for GetConfigOptions.BindFlags.
type Context ¶
type Context string
Context allows specifying the context to load.
func (Context) ApplyToGetConfig ¶
func (c Context) ApplyToGetConfig(o *GetConfigOptions)
ApplyToGetConfig implements GetConfigOption.
type Controller ¶
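// Controller combines manager.Runnable and healthz.HealthChecker with access
// to two *rest.Config values.
//
// NOTE(review): the difference between TransportConfig and ClientConfig, and
// the exact effect of force in Init, are not visible here; confirm against
// the implementation before documenting them further.
type Controller interface {
	manager.Runnable
	healthz.HealthChecker

	// Init initializes the controller; force is passed through by the caller.
	Init(ctx context.Context, force bool) error
	// TransportConfig returns a *rest.Config.
	TransportConfig() *rest.Config
	// ClientConfig returns a *rest.Config.
	ClientConfig() *rest.Config
}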
func NewController ¶
func NewController(ctx context.Context, store Store, bootstrapCfg *rest.Config, opts ControllerOptions) (Controller, error)
type ControllerOptions ¶
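// ControllerOptions are the options passed to NewController.
//
// NOTE(review): the field descriptions below are inferred from names and
// types only; confirm each against the controller implementation.
type ControllerOptions struct {
	// Name presumably identifies the controller (confirm).
	Name string
	// SignerName is presumably the certificate signer the request is addressed
	// to (confirm). Together with GetUsages it bounds what an issued
	// certificate may be used for, so keep both as narrow as the consumer needs.
	SignerName string
	// Template is an *x509.CertificateRequest, presumably the template for the
	// certificate signing request (confirm).
	Template *x509.CertificateRequest
	// GetUsages returns the key usages to request for the given private key.
	GetUsages func(privateKey any) []certificatesv1.KeyUsage
	// RequestedDuration is presumably the requested certificate lifetime
	// (confirm, including the meaning of nil).
	RequestedDuration *time.Duration
	// LogConstructor returns the logr.Logger to use.
	LogConstructor func() logr.Logger
	// DialFunc is a utilnet.DialFunc, presumably used for outgoing connections
	// to the API server (confirm).
	DialFunc utilnet.DialFunc
	// ForceInitial is presumably forwarded as the force argument of the
	// initial Controller.Init call (confirm).
	ForceInitial bool
	// NewRESTConfigRotator constructs the utilrest.ConfigRotator.
	NewRESTConfigRotator NewRESTConfigRotatorFunc
}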
type EgressSelectionName ¶
type EgressSelectionName string
EgressSelectionName is the name of the egress configuration to use.
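// Known EgressSelectionName values.
//
// The declarations are laid out one per line: collapsed onto a single line,
// the first "//" comment would swallow every constant that follows it.
const (
	// EgressSelectionNameControlPlane instructs to use the controlplane egress selection.
	EgressSelectionNameControlPlane EgressSelectionName = "controlplane"
	// EgressSelectionNameEtcd instructs to use the etcd egress selection.
	EgressSelectionNameEtcd EgressSelectionName = "etcd"
	// EgressSelectionNameCluster instructs to use the cluster egress selection.
	EgressSelectionNameCluster EgressSelectionName = "cluster"
)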
func (EgressSelectionName) NetworkContext ¶
func (n EgressSelectionName) NetworkContext() (egressselector.NetworkContext, error)
NetworkContext returns the corresponding network context of the egress selection.
type EgressSelectorConfig ¶
type EgressSelectorConfig string
EgressSelectorConfig allows specifying the path to an egress selector config to use.
func (EgressSelectorConfig) ApplyToGetConfig ¶
func (c EgressSelectorConfig) ApplyToGetConfig(o *GetConfigOptions)
ApplyToGetConfig implements GetConfigOption.
type FileLoader ¶
// FileLoader is a string type that provides a Load method returning a
// *rest.Config. Presumably the string is the path of the kubeconfig file to
// load; TODO confirm against Load.
type FileLoader string
func (FileLoader) Load ¶
func (l FileLoader) Load(ctx context.Context, overrides *clientcmd.ConfigOverrides) (*rest.Config, error)
type GetConfigOption ¶
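// GetConfigOption is an option for a GetConfig call.
//
// The method is declared on its own line: on a single line the "//" comment
// would hide both the method and the closing brace.
type GetConfigOption interface {
	// ApplyToGetConfig modifies the underlying GetConfigOptions.
	ApplyToGetConfig(o *GetConfigOptions)
}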
GetConfigOption is an option for a GetConfig call.
type GetConfigOptions ¶
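// GetConfigOptions are options to supply for a GetConfig call.
//
// The fields are declared one per line: collapsed onto a single line, the
// first "//" comment would hide every field that follows it.
//
// NOTE(review): several fields name where a kubeconfig is read from (a file
// path or a secret). A kubeconfig typically carries cluster credentials, so
// access to those locations should be restricted accordingly; confirm the
// file permissions and RBAC in the deployment.
type GetConfigOptions struct {
	// Context is the kubeconfig context to load.
	Context string
	// Kubeconfig specifies where to get the kubeconfig from.
	Kubeconfig string
	// KubeconfigSecretName instructs to get the kubeconfig from a secret with the given name.
	KubeconfigSecretName string
	// KubeconfigSecretNamespace instructs to get the kubeconfig from a secret within the given namespace.
	// If unset, LoadDefaultNamespace will be used to determine the namespace.
	KubeconfigSecretNamespace string
	// KubeconfigSecretField specifies the field of the secret to get the kubeconfig from.
	// If unset, DefaultSecretKubeconfigField will be used.
	KubeconfigSecretField string
	// BootstrapKubeconfig specifies the path to the bootstrap kubeconfig to load.
	// The bootstrap kubeconfig will be used to request an up-to-date certificate for the kube-apiserver.
	BootstrapKubeconfig string
	// RotateCertificates specifies whether kubeconfig should be automatically rotated.
	RotateCertificates bool
	// EgressSelectorConfig is the path to an egress selector config to load.
	EgressSelectorConfig string
}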
GetConfigOptions are options to supply for a GetConfig call.
func (*GetConfigOptions) ApplyOptions ¶
func (o *GetConfigOptions) ApplyOptions(opts []GetConfigOption)
ApplyOptions applies all GetConfigOption to this GetConfigOptions.
func (*GetConfigOptions) ApplyToGetConfig ¶
func (o *GetConfigOptions) ApplyToGetConfig(o2 *GetConfigOptions)
ApplyToGetConfig implements GetConfigOption.
func (*GetConfigOptions) BindFlags ¶
func (o *GetConfigOptions) BindFlags(fs *pflag.FlagSet, opts ...func(*BindFlagOptions))
BindFlags binds values of GetConfigOptions as flags to the given flag set.
type Getter ¶
type Getter struct {
// contains filtered or unexported fields
}
func NewGetter ¶
func NewGetter(opts GetterOptions) (*Getter, error)
func NewGetterOrDie ¶
func NewGetterOrDie(opts GetterOptions) *Getter
func (*Getter) GetConfig ¶
func (g *Getter) GetConfig(ctx context.Context, opts ...GetConfigOption) (*rest.Config, Controller, error)
GetConfig creates a *rest.Config for talking to a Kubernetes API server. If Kubeconfig / the '--kubeconfig' flag is set, the kubeconfig file at that location is used. Otherwise, it assumes it is running in cluster and uses the cluster-provided kubeconfig.
It also applies saner defaults for QPS and burst based on the Kubernetes controller manager defaults (20 QPS, 30 burst)
Config precedence ¶
* Kubeconfig / --kubeconfig value / flag pointing at a file
* KUBECONFIG environment variable pointing at a file
* In-cluster config if running in cluster
* $HOME/.kube/config if exists.
func (*Getter) GetConfigOrDie ¶
func (g *Getter) GetConfigOrDie(ctx context.Context, opts ...GetConfigOption) (*rest.Config, Controller)
GetConfigOrDie creates a *rest.Config for talking to a Kubernetes apiserver. If Kubeconfig / --kubeconfig is set, will use the kubeconfig file at that location. Otherwise, will assume running in cluster and use the cluster provided kubeconfig.
Will log an error and exit if there is an error creating the rest.Config.
type GetterOptions ¶
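// GetterOptions are the options passed to NewGetter and NewGetterOrDie.
//
// NOTE(review): the field descriptions below are inferred from names and
// types only. Most fields share their name and type with ControllerOptions
// and are presumably forwarded to the controller; confirm against NewGetter.
type GetterOptions struct {
	// Name presumably identifies the getter and its controller (confirm).
	Name string
	// SignerName is presumably the certificate signer the request is addressed
	// to (confirm).
	SignerName string
	// Template is an *x509.CertificateRequest, presumably the template for the
	// certificate signing request (confirm).
	Template *x509.CertificateRequest
	// GetUsages returns the key usages to request for the given private key.
	GetUsages func(privateKey any) []certificatesv1.KeyUsage
	// RequestedDuration is presumably the requested certificate lifetime
	// (confirm, including the meaning of nil).
	RequestedDuration *time.Duration
	// LogConstructor returns the logr.Logger to use.
	LogConstructor func() logr.Logger
	// NewController constructs the Controller; it has the same signature as
	// the package-level NewController function.
	NewController NewControllerFunc
	// ForceInitial presumably forces the initial controller initialization
	// (confirm).
	ForceInitial bool
	// NetworkContext is the egressselector.NetworkContext, presumably used to
	// pick the egress selector dialer (confirm).
	NetworkContext egressselector.NetworkContext
}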
type Loader ¶
// Loader loads a *rest.Config, taking clientcmd.ConfigOverrides as input.
// FileLoader and SecretLoader both provide a Load method with this signature.
type Loader interface {
// Load returns the loaded *rest.Config or an error.
Load(ctx context.Context, overrides *clientcmd.ConfigOverrides) (*rest.Config, error)
}
func LoaderFromOptions ¶
func LoaderFromOptions(o *GetConfigOptions) (Loader, error)
type MemoryStore ¶
type MemoryStore struct {
// contains filtered or unexported fields
}
type NewControllerFunc ¶
type NewControllerFunc func(ctx context.Context, store Store, bootstrapCfg *rest.Config, opts ControllerOptions) (Controller, error)
type NewRESTConfigRotatorFunc ¶
type NewRESTConfigRotatorFunc func(cfg, bootstrapCfg *rest.Config, opts utilrest.ConfigRotatorOptions) (utilrest.ConfigRotator, error)
type SecretLoader ¶
type SecretLoader struct {
// contains filtered or unexported fields
}
func NewSecretLoader ¶
func NewSecretLoader(rd client.Reader, key client.ObjectKey, opts ...SecretLoaderOption) *SecretLoader
func (*SecretLoader) Load ¶
func (l *SecretLoader) Load(ctx context.Context, overrides *clientcmd.ConfigOverrides) (*rest.Config, error)
type SecretLoaderOption ¶
// SecretLoaderOption is an option accepted by NewSecretLoader.
type SecretLoaderOption interface {
// ApplyToSecretLoader receives the SecretLoaderOptions to modify.
ApplyToSecretLoader(o *SecretLoaderOptions)
}
type SecretLoaderOptions ¶
// SecretLoaderOptions holds the settings collected from SecretLoaderOption values.
type SecretLoaderOptions struct {
// Field is presumably the secret field the kubeconfig is read from
// (compare DefaultSecretKubeconfigField); TODO confirm.
Field string
}
func (*SecretLoaderOptions) ApplyOptions ¶
func (o *SecretLoaderOptions) ApplyOptions(opts []SecretLoaderOption)
func (*SecretLoaderOptions) ApplyToSecretLoader ¶
func (o *SecretLoaderOptions) ApplyToSecretLoader(o2 *SecretLoaderOptions)
type SecretStore ¶
type SecretStore struct {
// contains filtered or unexported fields
}
func NewSecretStore ¶
func NewSecretStore( c client.Client, key client.ObjectKey, opts ...SecretStoreOption, ) *SecretStore
type SecretStoreOption ¶
// SecretStoreOption is an option accepted by NewSecretStore.
type SecretStoreOption interface {
// ApplyToSecretConfigStore receives the SecretStoreOptions to modify.
ApplyToSecretConfigStore(o *SecretStoreOptions)
}
type SecretStoreOptions ¶
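// SecretStoreOptions holds the settings collected from SecretStoreOption values.
type SecretStoreOptions struct {
	// Field is presumably the secret field the kubeconfig is stored in
	// (compare DefaultSecretKubeconfigField); TODO confirm.
	Field string
	// FieldOwner is a client.FieldOwner, presumably the field manager used
	// when the store writes the secret (compare
	// DefaultSecretConfigReadWriterFieldOwner); TODO confirm.
	FieldOwner client.FieldOwner
}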
func (*SecretStoreOptions) ApplyOptions ¶
func (o *SecretStoreOptions) ApplyOptions(opts []SecretStoreOption)
func (*SecretStoreOptions) ApplyToSecretConfigStore ¶
func (o *SecretStoreOptions) ApplyToSecretConfigStore(o2 *SecretStoreOptions)
type Store ¶
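// Store reads and writes a *rest.Config.
//
// NOTE(review): a *rest.Config can carry client credentials, so whatever
// backs a Store holds credential material; the persistence and access
// control of each implementation is not visible here and should be confirmed.
type Store interface {
	// Get returns the stored *rest.Config or an error.
	Get(ctx context.Context) (*rest.Config, error)
	// Set stores cfg.
	Set(ctx context.Context, cfg *rest.Config) error
}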
func StoreFromOptions ¶
func StoreFromOptions(o *GetConfigOptions) (Store, error)
type WithField ¶
// WithField is a string option that implements both SecretStoreOption and
// SecretLoaderOption. Presumably it sets the Field of the respective options
// struct; TODO confirm against the Apply methods.
type WithField string
func (WithField) ApplyToSecretConfigStore ¶
func (w WithField) ApplyToSecretConfigStore(o *SecretStoreOptions)
func (WithField) ApplyToSecretLoader ¶
func (w WithField) ApplyToSecretLoader(o *SecretLoaderOptions)
type WithFieldOwner ¶
// WithFieldOwner is a client.FieldOwner option that implements
// SecretStoreOption. Presumably it sets SecretStoreOptions.FieldOwner;
// TODO confirm against ApplyToSecretConfigStore.
type WithFieldOwner client.FieldOwner
func (WithFieldOwner) ApplyToSecretConfigStore ¶
func (w WithFieldOwner) ApplyToSecretConfigStore(o *SecretStoreOptions)
type WithOverrides ¶
// WithOverrides has clientcmd.ConfigOverrides as its underlying type.
// NOTE(review): no methods are listed for it here, so which option interface
// it is meant to satisfy cannot be told from this page; confirm.
type WithOverrides clientcmd.ConfigOverrides
type WithRotate ¶
type WithRotate bool
WithRotate sets GetConfigOptions.RotateCertificates to the specified boolean.
func (WithRotate) ApplyToGetConfig ¶
func (w WithRotate) ApplyToGetConfig(o *GetConfigOptions)
ApplyToGetConfig implements GetConfigOption.