Documentation ¶
Index ¶
- Constants
- func WithTrailingDot(s string) string
- type Admission
- type AuditLog
- type AuthTokens
- type Authentication
- type AwsEnvironment
- type AwsNodeLabels
- type CachedEncryptor
- type Cluster
- func (c *Cluster) AvailabilityZones() []string
- func (c Cluster) Config() (*Config, error)
- func (c *Cluster) EtcdCluster() derived.EtcdCluster
- func (c Cluster) EtcdIndexEnvVarName() string
- func (c Cluster) EtcdNodeEnvFileName() string
- func (c *Cluster) Load() error
- func (c *Cluster) NewTLSAssetsOnDisk(dir string, renderCredentialsOpts CredentialsOptions, caKey *rsa.PrivateKey, ...) (*RawTLSAssetsOnDisk, error)
- func (c *Cluster) NewTLSAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate) (*RawTLSAssetsOnMemory, error)
- func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)
- func (c *Cluster) SetDefaults()
- func (c Cluster) StackConfig(opts StackTemplateOptions) (*StackConfig, error)
- func (c Cluster) StackName() string
- func (c Cluster) StackNameEnvVarName() string
- func (c *Cluster) ValidateExistingVPC(existingVPCCIDR string, existingSubnetCIDRS []string) error
- type ClusterAutoscalerSupport
- type CompactAuthTokens
- type CompactTLSAssets
- type CompressedStackConfig
- type ComputedDeploymentSettings
- type Config
- type ControllerSettings
- type CredentialsOptions
- type DefaultWorkerSettings
- type DeploymentSettings
- func (s DeploymentSettings) AllSubnets() []model.Subnet
- func (c DeploymentSettings) AssetsEncryptionEnabled() bool
- func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)
- func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet
- func (c DeploymentSettings) NATGateways() []model.NATGateway
- func (c DeploymentSettings) PrivateSubnets() []model.Subnet
- func (c DeploymentSettings) PublicSubnets() []model.Subnet
- func (c DeploymentSettings) Valid() (*DeploymentValidationResult, error)
- type DeploymentValidationResult
- type EncryptService
- type EncryptedAuthTokensOnDisk
- type EncryptedCredentialOnDisk
- type EncryptedTLSAssetsOnDisk
- type EphemeralImageStorage
- type EtcdSettings
- type Experimental
- type FlannelSettings
- type InfrastructureValidationResult
- type KMSConfig
- type Kube2IamSupport
- type KubeClusterSettings
- type LoadBalancer
- type NodeDrainer
- type NodeLabels
- type Plugins
- type PodSecurityPolicy
- type RawAuthTokensOnDisk
- type RawCredentialOnDisk
- type RawTLSAssetsOnDisk
- type RawTLSAssetsOnMemory
- type Rbac
- type StackConfig
- func (c *StackConfig) Compress() (*CompressedStackConfig, error)
- func (c *StackConfig) UserDataControllerFileName() string
- func (c *StackConfig) UserDataControllerS3Prefix() (string, error)
- func (c *StackConfig) UserDataControllerS3URI() (string, error)
- func (c *StackConfig) UserDataEtcdFileName() string
- func (c *StackConfig) UserDataEtcdS3Prefix() (string, error)
- func (c *StackConfig) UserDataEtcdS3URI() (string, error)
- func (c *StackConfig) ValidateUserData() error
- type StackTemplateOptions
- type Taint
- type TargetGroup
- type WaitSignal
- type Webhook
Constants ¶
const CacheFileExtension = "enc"
const FingerprintFileExtension = "fingerprint"
Functions ¶
func WithTrailingDot ¶
Types ¶
type Admission ¶
// Admission groups the admission-related settings; it is the type of the
// `admission` key in Experimental.
type Admission struct {
	// PodSecurityPolicy is read from the `podSecurityPolicy` key and carries
	// a single Enabled flag.
	PodSecurityPolicy PodSecurityPolicy `yaml:"podSecurityPolicy"`
}
type AuthTokens ¶
// AuthTokens holds the contents of the CSV file of auth tokens (the
// Kubernetes static token file).
type AuthTokens struct {
	// Contents is the CSV file body. It is credential material: keep it out
	// of logs and error messages, and restrict permissions on any directory
	// passed to WriteToDir.
	Contents []byte
}
Contents of the CSV file holding auth tokens. See https://kubernetes.io/docs/admin/authentication/#static-token-file
func NewAuthTokens ¶
func NewAuthTokens() AuthTokens
func (AuthTokens) WriteToDir ¶
func (r AuthTokens) WriteToDir(dirname string) error
type Authentication ¶
// Authentication groups authentication settings; it is the type of the
// `authentication` key in Experimental.
type Authentication struct {
	// Webhook is read from the `webhook` key. The Webhook type's fields are
	// not shown on this page.
	Webhook Webhook `yaml:"webhook"`
}
type AwsEnvironment ¶
type AwsNodeLabels ¶
// AwsNodeLabels is the type of the `awsNodeLabels` key in Experimental.
type AwsNodeLabels struct {
	// Enabled is read from the `enabled` key; its zero value is false.
	Enabled bool `yaml:"enabled"`
}
type CachedEncryptor ¶
// CachedEncryptor is accepted by ReadOrEncryptAuthTokens and
// ReadOrEncryptTLSAssets and exposes EncryptedCredentialFromPath.
// NOTE(review): the name suggests it reuses previously persisted ciphertext
// rather than re-encrypting; its fields are unexported, so confirm in the source.
type CachedEncryptor struct {
	// contains filtered or unexported fields
}
func (CachedEncryptor) EncryptedCredentialFromPath ¶
func (e CachedEncryptor) EncryptedCredentialFromPath(filePath string) (*EncryptedCredentialOnDisk, error)
type Cluster ¶
// Cluster aggregates the per-area settings structs, all inlined into one
// YAML document, plus a few cluster-wide fields.
type Cluster struct {
	KubeClusterSettings `yaml:",inline"`
	DeploymentSettings `yaml:",inline"`
	DefaultWorkerSettings `yaml:",inline"`
	ControllerSettings `yaml:",inline"`
	EtcdSettings `yaml:",inline"`
	FlannelSettings `yaml:",inline"`
	ServiceCIDR string `yaml:"serviceCIDR,omitempty"`
	CreateRecordSet bool `yaml:"createRecordSet,omitempty"`
	RecordSetTTL int `yaml:"recordSetTTL,omitempty"`
	// Validity periods for the CA and for issued certificates; the unit
	// (days) is taken from the field names. Long CA lifetimes widen the
	// window in which a leaked CA key stays useful.
	TLSCADurationDays int `yaml:"tlsCADurationDays,omitempty"`
	TLSCertDurationDays int `yaml:"tlsCertDurationDays,omitempty"`
	HostedZoneID string `yaml:"hostedZoneId,omitempty"`
	// ProvidedEncryptService carries no yaml tag.
	// NOTE(review): presumably injected by callers such as
	// ClusterFromBytesWithEncryptService rather than read from YAML; confirm.
	ProvidedEncryptService EncryptService
	CustomSettings map[string]interface{} `yaml:"customSettings,omitempty"`
}
func ClusterFromBytes ¶
ClusterFromBytes is necessary for unit tests, which store configs as hardcoded strings.
func ClusterFromBytesWithEncryptService ¶
func ClusterFromBytesWithEncryptService(data []byte, encryptService EncryptService) (*Cluster, error)
func ClusterFromFile ¶
func NewDefaultCluster ¶
func NewDefaultCluster() *Cluster
func (*Cluster) AvailabilityZones ¶
Returns the availability zones referenced by the cluster configuration
func (*Cluster) EtcdCluster ¶
func (c *Cluster) EtcdCluster() derived.EtcdCluster
func (Cluster) EtcdIndexEnvVarName ¶
func (Cluster) EtcdNodeEnvFileName ¶
func (*Cluster) NewTLSAssetsOnDisk ¶
func (c *Cluster) NewTLSAssetsOnDisk(dir string, renderCredentialsOpts CredentialsOptions, caKey *rsa.PrivateKey, caCert *x509.Certificate) (*RawTLSAssetsOnDisk, error)
func (*Cluster) NewTLSAssetsOnMemory ¶
func (c *Cluster) NewTLSAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate) (*RawTLSAssetsOnMemory, error)
func (*Cluster) NewTLSCA ¶
func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)
func (*Cluster) SetDefaults ¶
func (c *Cluster) SetDefaults()
func (Cluster) StackConfig ¶
func (c Cluster) StackConfig(opts StackTemplateOptions) (*StackConfig, error)
func (Cluster) StackName ¶
StackName returns the logical name of a CloudFormation stack resource in a root stack template. It does not need to be unique within an AWS account, because the actual name of a nested stack is generated randomly by CloudFormation and includes the logical name. This is NOT intended to be used to reference the stack name from cloud-config as the target of awscli or cfn-bootstrap-tools commands, e.g. `cfn-init` and `cfn-signal`.
func (Cluster) StackNameEnvVarName ¶
type ClusterAutoscalerSupport ¶
// ClusterAutoscalerSupport is the type of the `clusterAutoscalerSupport`
// key in Experimental.
type ClusterAutoscalerSupport struct {
	// Enabled is read from the `enabled` key; its zero value is false.
	Enabled bool `yaml:"enabled"`
}
type CompactAuthTokens ¶
// CompactAuthTokens is the encoded form of the auth token file, ready to be
// embedded as a string.
type CompactAuthTokens struct {
	// Contents is the auth token file after the encoding pipeline
	// (encrypted -> gzip -> base64).
	// NOTE(review): ReadOrCreateUnecryptedCompactAuthTokens returns this same
	// type, so presumably the encryption step is skipped on that path. gzip
	// and base64 are encodings, not protection; confirm which constructor
	// produced a value before treating it as safe to store or log.
	Contents string
}
Encrypted -> gzip -> base64 encoded auth token file contents.
func ReadOrCreateCompactAuthTokens ¶
func ReadOrCreateCompactAuthTokens(dirname string, kmsConfig KMSConfig) (*CompactAuthTokens, error)
func ReadOrCreateUnecryptedCompactAuthTokens ¶
func ReadOrCreateUnecryptedCompactAuthTokens(dirname string) (*CompactAuthTokens, error)
func (*CompactAuthTokens) HasTokens ¶
func (t *CompactAuthTokens) HasTokens() bool
type CompactTLSAssets ¶
// CompactTLSAssets holds each TLS asset as an encoded string
// (PEM -> encrypted -> gzip -> base64).
// NOTE(review): ReadOrCreateUnecryptedCompactTLSAssets returns this same
// type, so presumably the encryption step is skipped on that path; in that
// case the *Key fields are private keys that are only gzip+base64 encoded.
// Confirm before storing or logging a value.
type CompactTLSAssets struct {
	CACert string
	// CAKey is the CA private key, the most sensitive field of the set.
	CAKey string
	APIServerCert string
	APIServerKey string
	WorkerCert string
	WorkerKey string
	AdminCert string
	AdminKey string
	EtcdCert string
	EtcdClientCert string
	EtcdClientKey string
	EtcdKey string
}
PEM -> encrypted -> gzip -> base64 encoded TLS assets.
func ReadOrCreateCompactTLSAssets ¶
func ReadOrCreateCompactTLSAssets(tlsAssetsDir string, kmsConfig KMSConfig) (*CompactTLSAssets, error)
func ReadOrCreateUnecryptedCompactTLSAssets ¶
func ReadOrCreateUnecryptedCompactTLSAssets(tlsAssetsDir string) (*CompactTLSAssets, error)
type CompressedStackConfig ¶
// CompressedStackConfig wraps a StackConfig and is what
// StackConfig.Compress returns; the RenderStackTemplateAs* methods are
// defined on it.
type CompressedStackConfig struct {
	// Embedded pointer: the StackConfig fields and methods are promoted.
	*StackConfig
}
func (*CompressedStackConfig) RenderStackTemplateAsBytes ¶
func (c *CompressedStackConfig) RenderStackTemplateAsBytes() ([]byte, error)
func (*CompressedStackConfig) RenderStackTemplateAsString ¶
func (c *CompressedStackConfig) RenderStackTemplateAsString() (string, error)
type ComputedDeploymentSettings ¶
// ComputedDeploymentSettings is the part of the configuration that is
// computed from user input instead of being supplied directly.
type ComputedDeploymentSettings struct {
	// AMI has no yaml tag.
	// NOTE(review): presumably resolved from ReleaseChannel or AmiId in
	// DeploymentSettings; confirm in the source.
	AMI string
}
Part of configuration which can't be provided via user input but is computed from user input
type Config ¶
// Config embeds Cluster and adds the etcd node list and the encoded
// credential bundles.
type Config struct {
	Cluster

	EtcdNodes []derived.EtcdNode

	// Encoded auth tokens. A pointer, so check for nil before dereferencing.
	AuthTokensConfig *CompactAuthTokens

	// Encoded TLS assets, including private keys. A pointer, so check for
	// nil before dereferencing.
	TLSConfig *CompactTLSAssets
}
func ConfigFromBytes ¶
func (Config) InternetGatewayLogicalName ¶
func (Config) InternetGatewayRef ¶
func (Config) VPCLogicalName ¶
type ControllerSettings ¶
// ControllerSettings is the part of the configuration specific to
// controller nodes. Every key is optional (`omitempty`).
type ControllerSettings struct {
	// Embedded and read from the nested `controller` key.
	model.Controller `yaml:"controller,omitempty"`
	ControllerCount int `yaml:"controllerCount,omitempty"`
	ControllerCreateTimeout string `yaml:"controllerCreateTimeout,omitempty"`
	ControllerInstanceType string `yaml:"controllerInstanceType,omitempty"`
	ControllerRootVolumeType string `yaml:"controllerRootVolumeType,omitempty"`
	ControllerRootVolumeIOPS int `yaml:"controllerRootVolumeIOPS,omitempty"`
	ControllerRootVolumeSize int `yaml:"controllerRootVolumeSize,omitempty"`
	ControllerTenancy string `yaml:"controllerTenancy,omitempty"`
}
Part of configuration which is specific to controller nodes
func (ControllerSettings) ControllerRollingUpdateMinInstancesInService ¶
func (c ControllerSettings) ControllerRollingUpdateMinInstancesInService() int
func (ControllerSettings) MaxControllerCount ¶
func (c ControllerSettings) MaxControllerCount() int
func (ControllerSettings) MinControllerCount ¶
func (c ControllerSettings) MinControllerCount() int
func (ControllerSettings) Valid ¶
func (c ControllerSettings) Valid() error
type CredentialsOptions ¶
type DefaultWorkerSettings ¶
// DefaultWorkerSettings is the part of the configuration specific to worker
// nodes. Every key is optional (`omitempty`).
type DefaultWorkerSettings struct {
	WorkerCount int `yaml:"workerCount,omitempty"`
	WorkerCreateTimeout string `yaml:"workerCreateTimeout,omitempty"`
	WorkerInstanceType string `yaml:"workerInstanceType,omitempty"`
	WorkerRootVolumeType string `yaml:"workerRootVolumeType,omitempty"`
	WorkerRootVolumeIOPS int `yaml:"workerRootVolumeIOPS,omitempty"`
	WorkerRootVolumeSize int `yaml:"workerRootVolumeSize,omitempty"`
	WorkerSpotPrice string `yaml:"workerSpotPrice,omitempty"`
	// Additional security group IDs for workers. Each one widens what can
	// reach, or be reached from, worker nodes, so review them as part of the
	// network policy.
	WorkerSecurityGroupIds []string `yaml:"workerSecurityGroupIds,omitempty"`
	WorkerTenancy string `yaml:"workerTenancy,omitempty"`
	// Zero value is false.
	// NOTE(review): presumably false places workers in public subnets;
	// confirm against SetDefaults.
	WorkerTopologyPrivate bool `yaml:"workerTopologyPrivate,omitempty"`
}
Part of configuration which is specific to worker nodes
func (DefaultWorkerSettings) Valid ¶
func (c DefaultWorkerSettings) Valid() error
type DeploymentSettings ¶
// DeploymentSettings is the part of the configuration that, by its nature,
// can be customized per type or group of nodes (etcd/controller/worker).
type DeploymentSettings struct {
	ComputedDeploymentSettings
	ClusterName string `yaml:"clusterName,omitempty"`
	KeyName string `yaml:"keyName,omitempty"`
	Region model.Region `yaml:",inline"`
	AvailabilityZone string `yaml:"availabilityZone,omitempty"`
	ReleaseChannel string `yaml:"releaseChannel,omitempty"`
	AmiId string `yaml:"amiId,omitempty"`
	VPCID string `yaml:"vpcId,omitempty"`
	InternetGatewayID string `yaml:"internetGatewayId,omitempty"`
	RouteTableID string `yaml:"routeTableId,omitempty"`
	// Required for validations, e.g. checking that the instance CIDR is
	// contained in the VPC CIDR.
	VPCCIDR string `yaml:"vpcCIDR,omitempty"`
	InstanceCIDR string `yaml:"instanceCIDR,omitempty"`
	K8sVer string `yaml:"kubernetesVersion,omitempty"`
	ContainerRuntime string `yaml:"containerRuntime,omitempty"`
	// ARN of the KMS key.
	// NOTE(review): AssetsEncryptionEnabled() is defined on this type; which
	// field it inspects is not visible on this page. Confirm how an empty
	// KMSKeyARN is handled.
	KMSKeyARN string `yaml:"kmsKeyArn,omitempty"`
	StackTags map[string]string `yaml:"stackTags,omitempty"`
	Subnets []model.Subnet `yaml:"subnets,omitempty"`
	EIPAllocationIDs []string `yaml:"eipAllocationIDs,omitempty"`
	// Zero value is false.
	// NOTE(review): when true, instances presumably receive public IPs;
	// confirm and review together with the security groups.
	MapPublicIPs bool `yaml:"mapPublicIPs,omitempty"`
	ElasticFileSystemID string `yaml:"elasticFileSystemId,omitempty"`
	// Public keys granted SSH access; every entry is a standing login
	// credential for the nodes, so keep the list minimal and current.
	SSHAuthorizedKeys []string `yaml:"sshAuthorizedKeys,omitempty"`
	Experimental Experimental `yaml:"experimental"`
	ManageCertificates bool `yaml:"manageCertificates,omitempty"`
	WaitSignal WaitSignal `yaml:"waitSignal"`

	// Images repository.
	// NOTE(review): model.Image is not shown on this page. These overrides
	// decide which container images run on the nodes, so point them only at
	// registries you trust.
	HyperkubeImage model.Image `yaml:"hyperkubeImage,omitempty"`
	AWSCliImage model.Image `yaml:"awsCliImage,omitempty"`
	CalicoNodeImage model.Image `yaml:"calicoNodeImage,omitempty"`
	CalicoCniImage model.Image `yaml:"calicoCniImage,omitempty"`
	CalicoCtlImage model.Image `yaml:"calicoCtlImage,omitempty"`
	CalicoPolicyControllerImage model.Image `yaml:"calicoPolicyControllerImage,omitempty"`
	ClusterAutoscalerImage model.Image `yaml:"clusterAutoscalerImage,omitempty"`
	KubeDnsImage model.Image `yaml:"kubeDnsImage,omitempty"`
	KubeDnsMasqImage model.Image `yaml:"kubeDnsMasqImage,omitempty"`
	DnsMasqMetricsImage model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
	ExecHealthzImage model.Image `yaml:"execHealthzImage,omitempty"`
	HeapsterImage model.Image `yaml:"heapsterImage,omitempty"`
	AddonResizerImage model.Image `yaml:"addonResizerImage,omitempty"`
	KubeDashboardImage model.Image `yaml:"kubeDashboardImage,omitempty"`
	PauseImage model.Image `yaml:"pauseImage,omitempty"`
}
Part of configuration which, by its nature, can be customized for each type/group of nodes (etcd/controller/worker).
Please be aware that this is described as just "by its nature". Whether it can actually be customized depends on whether you use node pools. If you've chosen to create a single cluster including all the worker, controller, and etcd nodes within a single cfn stack, you can't customize per group of nodes. If you've chosen to create e.g. a separate node pool for each type of worker node, you can customize per node pool.
Though it is highly configurable, it's basically users' responsibility to provide `correct` values if they're going beyond the defaults.
func (DeploymentSettings) AllSubnets ¶
func (s DeploymentSettings) AllSubnets() []model.Subnet
func (DeploymentSettings) AssetsEncryptionEnabled ¶
func (c DeploymentSettings) AssetsEncryptionEnabled() bool
func (DeploymentSettings) FindNATGatewayForPrivateSubnet ¶
func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)
func (DeploymentSettings) FindSubnetMatching ¶
func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet
func (DeploymentSettings) NATGateways ¶
func (c DeploymentSettings) NATGateways() []model.NATGateway
func (DeploymentSettings) PrivateSubnets ¶
func (c DeploymentSettings) PrivateSubnets() []model.Subnet
func (DeploymentSettings) PublicSubnets ¶
func (c DeploymentSettings) PublicSubnets() []model.Subnet
func (DeploymentSettings) Valid ¶
func (c DeploymentSettings) Valid() (*DeploymentValidationResult, error)
type DeploymentValidationResult ¶
// DeploymentValidationResult is returned by DeploymentSettings.Valid
// alongside its error. Its fields are unexported and not shown on this page.
type DeploymentValidationResult struct {
	// contains filtered or unexported fields
}
type EncryptService ¶
// EncryptService is the one-method interface through which this package
// asks for encryption; the signature uses the kms package's Encrypt input
// and output types. It is carried in KMSConfig and in
// Cluster.ProvidedEncryptService.
// NOTE(review): an implementation that returns the plaintext unchanged would
// satisfy this interface, so keep test fakes out of production wiring.
type EncryptService interface {
	Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error)
}
type EncryptedAuthTokensOnDisk ¶
// EncryptedAuthTokensOnDisk is the encrypted counterpart of
// RawAuthTokensOnDisk: the encrypted contents of the CSV file of auth tokens.
type EncryptedAuthTokensOnDisk struct {
	// AuthTokens is the encrypted token file as an on-disk credential.
	AuthTokens EncryptedCredentialOnDisk
}
Encrypted contents of the CSV file holding auth tokens.
func ReadOrCreateEncryptedAuthTokens ¶
func ReadOrCreateEncryptedAuthTokens(dirname string, kmsConfig KMSConfig) (*EncryptedAuthTokensOnDisk, error)
func ReadOrEncryptAuthTokens ¶
func ReadOrEncryptAuthTokens(dirname string, encryptor CachedEncryptor) (*EncryptedAuthTokensOnDisk, error)
func (*EncryptedAuthTokensOnDisk) Compact ¶
func (r *EncryptedAuthTokensOnDisk) Compact() (*CompactAuthTokens, error)
type EncryptedCredentialOnDisk ¶
// EncryptedCredentialOnDisk is one encrypted credential that can be written
// out with Persist and identified with Fingerprint. Its fields are
// unexported and not shown on this page.
// NOTE(review): the package constants CacheFileExtension ("enc") and
// FingerprintFileExtension ("fingerprint") presumably name the files it
// persists; confirm in the source.
type EncryptedCredentialOnDisk struct {
	// contains filtered or unexported fields
}
The fact that KMS encryption produces different ciphertexts for the same plaintext had been causing unnecessary node replacements (https://github.com/coreos/kube-aws/issues/107). Encrypted assets are persisted for caching purposes so that we can avoid that.
func EncryptedCredentialCacheFromPath ¶
func EncryptedCredentialCacheFromPath(filePath string) (*EncryptedCredentialOnDisk, error)
func EncryptedCredentialCacheFromRawCredential ¶
func EncryptedCredentialCacheFromRawCredential(raw *RawCredentialOnDisk, bytesEncryptionService bytesEncryptionService) (*EncryptedCredentialOnDisk, error)
func (*EncryptedCredentialOnDisk) Fingerprint ¶
func (c *EncryptedCredentialOnDisk) Fingerprint() string
func (*EncryptedCredentialOnDisk) Persist ¶
func (c *EncryptedCredentialOnDisk) Persist() error
func (*EncryptedCredentialOnDisk) String ¶
func (c *EncryptedCredentialOnDisk) String() string
type EncryptedTLSAssetsOnDisk ¶
// EncryptedTLSAssetsOnDisk holds each PEM-encoded TLS asset in encrypted
// form; it has the same twelve fields as RawTLSAssetsOnDisk.
type EncryptedTLSAssetsOnDisk struct {
	CACert EncryptedCredentialOnDisk
	// CAKey is the encrypted CA private key.
	CAKey EncryptedCredentialOnDisk
	APIServerCert EncryptedCredentialOnDisk
	APIServerKey EncryptedCredentialOnDisk
	WorkerCert EncryptedCredentialOnDisk
	WorkerKey EncryptedCredentialOnDisk
	AdminCert EncryptedCredentialOnDisk
	AdminKey EncryptedCredentialOnDisk
	EtcdCert EncryptedCredentialOnDisk
	EtcdClientCert EncryptedCredentialOnDisk
	EtcdKey EncryptedCredentialOnDisk
	EtcdClientKey EncryptedCredentialOnDisk
}
Encrypted PEM encoded TLS assets
func ReadOrCreateEncryptedTLSAssets ¶
func ReadOrCreateEncryptedTLSAssets(tlsAssetsDir string, kmsConfig KMSConfig) (*EncryptedTLSAssetsOnDisk, error)
func ReadOrEncryptTLSAssets ¶
func ReadOrEncryptTLSAssets(dirname string, encryptor CachedEncryptor) (*EncryptedTLSAssetsOnDisk, error)
func (*EncryptedTLSAssetsOnDisk) Compact ¶
func (r *EncryptedTLSAssetsOnDisk) Compact() (*CompactTLSAssets, error)
func (*EncryptedTLSAssetsOnDisk) WriteToDir ¶
func (r *EncryptedTLSAssetsOnDisk) WriteToDir(dirname string) error
type EphemeralImageStorage ¶
type EtcdSettings ¶
// EtcdSettings is the part of the configuration specific to etcd nodes.
type EtcdSettings struct {
	// Embedded and read from the nested `etcd` key.
	model.Etcd `yaml:"etcd,omitempty"`
	// The only field here without `omitempty`.
	EtcdCount int `yaml:"etcdCount"`
	EtcdInstanceType string `yaml:"etcdInstanceType,omitempty"`
	EtcdRootVolumeSize int `yaml:"etcdRootVolumeSize,omitempty"`
	EtcdRootVolumeType string `yaml:"etcdRootVolumeType,omitempty"`
	EtcdRootVolumeIOPS int `yaml:"etcdRootVolumeIOPS,omitempty"`
	EtcdDataVolumeSize int `yaml:"etcdDataVolumeSize,omitempty"`
	EtcdDataVolumeType string `yaml:"etcdDataVolumeType,omitempty"`
	EtcdDataVolumeIOPS int `yaml:"etcdDataVolumeIOPS,omitempty"`
	EtcdDataVolumeEphemeral bool `yaml:"etcdDataVolumeEphemeral,omitempty"`
	// Zero value is false.
	// NOTE(review): unless SetDefaults or the YAML sets it, the etcd data
	// volume is presumably left unencrypted; etcd stores cluster secrets,
	// so confirm the effective default.
	EtcdDataVolumeEncrypted bool `yaml:"etcdDataVolumeEncrypted,omitempty"`
	EtcdTenancy string `yaml:"etcdTenancy,omitempty"`
}
Part of configuration which is specific to etcd nodes
func (EtcdSettings) Valid ¶
func (e EtcdSettings) Valid() error
type Experimental ¶
// Experimental groups the settings under the `experimental` key of
// DeploymentSettings; each field maps to one nested key.
type Experimental struct {
	Admission Admission `yaml:"admission"`
	AuditLog AuditLog `yaml:"auditLog"`
	Authentication Authentication `yaml:"authentication"`
	AwsEnvironment AwsEnvironment `yaml:"awsEnvironment"`
	AwsNodeLabels AwsNodeLabels `yaml:"awsNodeLabels"`
	ClusterAutoscalerSupport ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
	EphemeralImageStorage EphemeralImageStorage `yaml:"ephemeralImageStorage"`
	Kube2IamSupport Kube2IamSupport `yaml:"kube2IamSupport,omitempty"`
	LoadBalancer LoadBalancer `yaml:"loadBalancer"`
	TargetGroup TargetGroup `yaml:"targetGroup"`
	NodeDrainer NodeDrainer `yaml:"nodeDrainer"`
	NodeLabels NodeLabels `yaml:"nodeLabels"`
	Plugins Plugins `yaml:"plugins"`
	Taints []Taint `yaml:"taints"`
	// Inlined.
	// NOTE(review): presumably collects unrecognised keys so that a
	// misspelled security toggle is reported instead of silently ignored;
	// confirm in model.UnknownKeys and Valid.
	model.UnknownKeys `yaml:",inline"`
}
func (Experimental) Valid ¶
func (c Experimental) Valid() error
type FlannelSettings ¶
// FlannelSettings is the part of the configuration specific to flanneld.
type FlannelSettings struct {
	// PodCIDR is read from the optional `podCIDR` key.
	PodCIDR string `yaml:"podCIDR,omitempty"`
}
Part of configuration which is specific to flanneld
type InfrastructureValidationResult ¶
// InfrastructureValidationResult is returned by KubeClusterSettings.Valid
// alongside its error. Its fields are unexported and not shown on this page.
type InfrastructureValidationResult struct {
	// contains filtered or unexported fields
}
type KMSConfig ¶
// KMSConfig bundles what the ReadOrCreate* helpers that encrypt assets take:
// the region, the Encrypt implementation and the key ARN.
type KMSConfig struct {
	Region model.Region
	// EncryptService performs the Encrypt call.
	EncryptService EncryptService
	// KMSKeyARN identifies the key.
	// NOTE(review): the IAM principal running this code presumably needs
	// encrypt permission on this key only; confirm and scope the policy to it.
	KMSKeyARN string
}
type Kube2IamSupport ¶
// Kube2IamSupport is the type of the optional `kube2IamSupport` key in
// Experimental.
type Kube2IamSupport struct {
	// Enabled is read from the `enabled` key; its zero value is false.
	Enabled bool `yaml:"enabled"`
}
type KubeClusterSettings ¶
// KubeClusterSettings is the part of the configuration shared between
// controller nodes and worker nodes.
type KubeClusterSettings struct {
	// Required by kubelet to locate the kube-apiserver.
	ExternalDNSName string `yaml:"externalDNSName,omitempty"`
	// Required by kubelet to locate the cluster-internal DNS hosted on
	// controller nodes in the base cluster.
	DNSServiceIP string `yaml:"dnsServiceIP,omitempty"`
	// Zero value is false.
	// NOTE(review): K8sNetworkPlugin() is defined on this type and
	// presumably depends on this flag; confirm.
	UseCalico bool `yaml:"useCalico,omitempty"`
}
Part of configuration which is shared between controller nodes and worker nodes. Its name is prefixed with `Kube` because it doesn't relate to etcd.
func (KubeClusterSettings) APIServerEndpoint ¶
func (c KubeClusterSettings) APIServerEndpoint() string
Required by kubelet to locate the apiserver
func (KubeClusterSettings) K8sNetworkPlugin ¶
func (c KubeClusterSettings) K8sNetworkPlugin() string
Required by kubelet to use a network plugin consistent with the base cluster
func (KubeClusterSettings) Valid ¶
func (c KubeClusterSettings) Valid() (*InfrastructureValidationResult, error)
type LoadBalancer ¶
type NodeDrainer ¶
// NodeDrainer is the type of the `nodeDrainer` key in Experimental.
type NodeDrainer struct {
	// Enabled is read from the `enabled` key; its zero value is false.
	Enabled bool `yaml:"enabled"`
}
type NodeLabels ¶
func (NodeLabels) Enabled ¶
func (l NodeLabels) Enabled() bool
func (NodeLabels) String ¶
func (l NodeLabels) String() string
Returns key=value pairs separated by ',' to be passed to kubelet's `--node-labels` flag
type PodSecurityPolicy ¶
// PodSecurityPolicy is the type of the `podSecurityPolicy` key in Admission.
type PodSecurityPolicy struct {
	// Enabled is read from the `enabled` key; its zero value is false, so
	// the setting is off unless the YAML (or a default applied elsewhere)
	// turns it on.
	Enabled bool `yaml:"enabled"`
}
type RawAuthTokensOnDisk ¶
// RawAuthTokensOnDisk is the unencrypted contents of the CSV file of auth
// tokens, as an on-disk credential.
type RawAuthTokensOnDisk struct {
	// AuthTokens is plaintext credential material; restrict permissions on
	// the directory it is read from or persisted to.
	AuthTokens RawCredentialOnDisk
}
Contents of the CSV file holding auth tokens.
func NewAuthTokensOnDisk ¶
func NewAuthTokensOnDisk(dir string) (*RawAuthTokensOnDisk, error)
func ReadRawAuthTokens ¶
func ReadRawAuthTokens(dirname string) (*RawAuthTokensOnDisk, error)
func (*RawAuthTokensOnDisk) Compact ¶
func (r *RawAuthTokensOnDisk) Compact() (*CompactAuthTokens, error)
type RawCredentialOnDisk ¶
// RawCredentialOnDisk is one unencrypted credential that can be loaded with
// RawCredentialFileFromPath, written out with Persist and identified with
// Fingerprint. Its fields are unexported and not shown on this page.
// NOTE(review): String() is defined on this type; if it returns the
// credential content, formatting a value with %v or %s would put the secret
// in logs. Confirm what String() returns.
type RawCredentialOnDisk struct {
	// contains filtered or unexported fields
}
func RawCredentialFileFromPath ¶
func RawCredentialFileFromPath(filePath string) (*RawCredentialOnDisk, error)
func (*RawCredentialOnDisk) Fingerprint ¶
func (c *RawCredentialOnDisk) Fingerprint() string
func (*RawCredentialOnDisk) Persist ¶
func (c *RawCredentialOnDisk) Persist() error
func (*RawCredentialOnDisk) String ¶
func (c *RawCredentialOnDisk) String() string
type RawTLSAssetsOnDisk ¶
// RawTLSAssetsOnDisk holds each PEM-encoded TLS asset as an unencrypted
// on-disk credential.
type RawTLSAssetsOnDisk struct {
	CACert RawCredentialOnDisk
	// CAKey is the CA private key in plaintext; whoever can read it can
	// issue certificates the cluster will trust.
	CAKey RawCredentialOnDisk
	APIServerCert RawCredentialOnDisk
	APIServerKey RawCredentialOnDisk
	WorkerCert RawCredentialOnDisk
	WorkerKey RawCredentialOnDisk
	AdminCert RawCredentialOnDisk
	AdminKey RawCredentialOnDisk
	EtcdCert RawCredentialOnDisk
	EtcdClientCert RawCredentialOnDisk
	EtcdKey RawCredentialOnDisk
	EtcdClientKey RawCredentialOnDisk
}
PEM encoded TLS assets.
func ReadRawTLSAssets ¶
func ReadRawTLSAssets(dirname string) (*RawTLSAssetsOnDisk, error)
func (*RawTLSAssetsOnDisk) Compact ¶
func (r *RawTLSAssetsOnDisk) Compact() (*CompactTLSAssets, error)
type RawTLSAssetsOnMemory ¶
// RawTLSAssetsOnMemory holds each PEM-encoded TLS asset as a byte slice.
type RawTLSAssetsOnMemory struct {
	CACert []byte
	// CAKey is the CA private key in plaintext.
	// NOTE(review): WriteToDir takes an includeCAKey flag, presumably so that
	// callers can keep the CA key off disk; confirm, and pass false unless
	// the key must be stored.
	CAKey []byte
	APIServerCert []byte
	APIServerKey []byte
	WorkerCert []byte
	WorkerKey []byte
	AdminCert []byte
	AdminKey []byte
	EtcdCert []byte
	EtcdClientCert []byte
	EtcdKey []byte
	EtcdClientKey []byte
}
PEM encoded TLS assets.
func (*RawTLSAssetsOnMemory) WriteToDir ¶
func (r *RawTLSAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool) error
type StackConfig ¶
// StackConfig embeds *Config and StackTemplateOptions and adds the user
// data strings for each node role.
type StackConfig struct {
	*Config
	StackTemplateOptions
	// User data for each node role, as strings.
	// NOTE(review): whether these embed the encoded TLS and auth-token
	// assets is not visible on this page. If they do, the userdata files
	// uploaded to S3 (see UserDataControllerS3URI / UserDataEtcdS3URI) are as
	// sensitive as the assets themselves; confirm and scope bucket access
	// accordingly.
	UserDataWorker string
	UserDataController string
	UserDataEtcd string
	ControllerSubnetIndex int
}
func (*StackConfig) Compress ¶
func (c *StackConfig) Compress() (*CompressedStackConfig, error)
func (*StackConfig) UserDataControllerFileName ¶
func (c *StackConfig) UserDataControllerFileName() string
UserDataControllerFileName is used to upload and download userdata-controller-<fingerprint> files
func (*StackConfig) UserDataControllerS3Prefix ¶
func (c *StackConfig) UserDataControllerS3Prefix() (string, error)
UserDataControllerS3Prefix is the prefix prepended to all userdata-controller-<fingerprint> files uploaded to S3. Use this to author the IAM policy that grants controller nodes the least permissions required to get the files from S3.
func (*StackConfig) UserDataControllerS3URI ¶
func (c *StackConfig) UserDataControllerS3URI() (string, error)
UserDataControllerS3URI is the URI of a userdata-controller-<fingerprint> file used to provision controller nodes. Use this to download the file by running e.g. `aws s3 cp *return value of UserDataControllerS3URI* ./`
func (*StackConfig) UserDataEtcdFileName ¶
func (c *StackConfig) UserDataEtcdFileName() string
UserDataEtcdFileName is used to upload and download userdata-etcd-<fingerprint> files
func (*StackConfig) UserDataEtcdS3Prefix ¶
func (c *StackConfig) UserDataEtcdS3Prefix() (string, error)
UserDataEtcdS3Prefix is the prefix prepended to all userdata-etcd-<fingerprint> files uploaded to S3. Use this to author the IAM policy that grants etcd nodes the least permissions required to get the files from S3.
func (*StackConfig) UserDataEtcdS3URI ¶
func (c *StackConfig) UserDataEtcdS3URI() (string, error)
UserDataEtcdS3URI is the URI of a userdata-etcd-<fingerprint> file used to provision etcd nodes. Use this to download the file by running e.g. `aws s3 cp *return value of UserDataEtcdS3URI* ./`
func (*StackConfig) ValidateUserData ¶
func (c *StackConfig) ValidateUserData() error
type StackTemplateOptions ¶
type Taint ¶
type TargetGroup ¶
type WaitSignal ¶
// WaitSignal is the type of the `waitSignal` key in DeploymentSettings.
// Both fields are pointers so that "not set" (nil) can be told apart from
// an explicit value.
type WaitSignal struct {
	// WaitSignal is enabled by default. To disable it explicitly, set this
	// to `false`. Leaving it nil keeps WaitSignal enabled.
	EnabledOverride *bool `yaml:"enabled"`
	// NOTE(review): nil presumably makes MaxBatchSize() fall back to a
	// default; confirm in the source.
	MaxBatchSizeOverride *int `yaml:"maxBatchSize"`
}
func (WaitSignal) Enabled ¶
func (s WaitSignal) Enabled() bool
func (WaitSignal) MaxBatchSize ¶
func (s WaitSignal) MaxBatchSize() int