Documentation ¶
Index ¶
- Constants
- func ClientSetFromFile(path string) (*kubeclient.Clientset, error)
- func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config
- func CreateWithCert(serverURL, clusterName, userName string, caCert []byte, cert []byte, ...) *clientcmdapi.Config
- func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config
- func NewCmdRegister(parentCommand string) *cobra.Command
- func ToClientSet(config *clientcmdapi.Config) (*kubeclient.Clientset, error)
- func WriteToDisk(filename string, kubeconfig *clientcmdapi.Config) error
- type BootstrapTokenDiscovery
- type CommandRegisterOption
Constants ¶
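// Paths, identities and timing defaults used by the register command.
//
// The listing is laid out one declaration per line; when everything is
// collapsed onto a single line, the first "//" comments out every declaration
// that follows it.
const (
	// KarmadaDir is the directory Karmada owns for storing various configuration files.
	KarmadaDir = "/etc/karmada"
	// CACertPath defines the default location of the CA certificate on Linux.
	CACertPath = "/etc/karmada/pki/ca.crt"

	// ClusterPermissionPrefix defines the common name prefix of the karmada agent certificate.
	ClusterPermissionPrefix = "system:node:"
	// ClusterPermissionGroups defines the organization of the karmada agent certificate.
	//
	// NOTE(review): this common-name prefix and organization are the subject
	// shape accepted by the signer named in SignerName. Any RBAC bound to the
	// "system:nodes" group on the control plane would therefore apply to every
	// registered agent; confirm those bindings are scoped accordingly.
	ClusterPermissionGroups = "system:nodes"

	// KarmadaAgentBootstrapKubeConfigFileName defines the file name for the kubeconfig that the
	// karmada-agent will use to do the TLS bootstrap to get itself a unique credential.
	KarmadaAgentBootstrapKubeConfigFileName = "bootstrap-karmada-agent.conf"
	// KarmadaAgentKubeConfigFileName defines the file name for the karmada-agent kubeconfig.
	//
	// NOTE(review): the upstream comment repeats the bootstrap kubeconfig's
	// description word for word; presumably this file holds the credential
	// obtained through the TLS bootstrap rather than the bootstrap token. Confirm.
	KarmadaAgentKubeConfigFileName = "karmada-agent.conf"

	// KarmadaKubeconfigName is the name of the karmada kubeconfig.
	KarmadaKubeconfigName = "karmada-kubeconfig"
	// KarmadaAgentName is the name of karmada-agent.
	KarmadaAgentName = "karmada-agent"
	// KarmadaAgentServiceAccountName is the name of the karmada-agent serviceaccount.
	KarmadaAgentServiceAccountName = "karmada-agent-sa"

	// SignerName defines the signer name for the CSR;
	// 'kubernetes.io/kube-apiserver-client-kubelet' can sign the CSR automatically.
	//
	// NOTE(review): automatic signing means possession of a valid bootstrap
	// token is presumably enough to obtain a client certificate, so token
	// lifetime and distribution deserve the same care as the certificate itself.
	SignerName = "kubernetes.io/kube-apiserver-client-kubelet"

	// BootstrapUserName defines the bootstrap user name.
	BootstrapUserName = "token-bootstrap-client"
	// DefaultClusterName defines the default cluster name.
	DefaultClusterName = "karmada-apiserver"
	// TokenUserName defines the token user.
	TokenUserName = "tls-bootstrap-token-user"

	// DefaultDiscoveryTimeout specifies the default discovery timeout for the register command.
	DefaultDiscoveryTimeout = 5 * time.Minute
	// DiscoveryRetryInterval specifies how long the register command should wait before retrying
	// to connect to the control-plane when doing discovery.
	DiscoveryRetryInterval = 5 * time.Second

	// DefaultCertExpirationSeconds defines the expiration time of the certificate:
	// 86400 seconds per day times 365 days, i.e. one year.
	//
	// NOTE(review): one year is a long lifetime for an automatically signed
	// client certificate; consider a shorter value or rotation where policy requires it.
	DefaultCertExpirationSeconds int32 = 86400 * 365
)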
Functions ¶
func ClientSetFromFile ¶
func ClientSetFromFile(path string) (*kubeclient.Clientset, error)
ClientSetFromFile returns a ready-to-use client from a kubeconfig file
func CreateBasic ¶
func CreateBasic(serverURL, clusterName, userName string, caCert []byte) *clientcmdapi.Config
CreateBasic creates a basic, general KubeConfig object that then can be extended
func CreateWithCert ¶
func CreateWithCert(serverURL, clusterName, userName string, caCert []byte, cert []byte, key []byte) *clientcmdapi.Config
CreateWithCert creates a KubeConfig object with access to the API server with a cert
func CreateWithToken ¶
func CreateWithToken(serverURL, clusterName, userName string, caCert []byte, token string) *clientcmdapi.Config
CreateWithToken creates a KubeConfig object with access to the API server with a token
func NewCmdRegister ¶
NewCmdRegister defines the `register` command that registers a cluster.
func ToClientSet ¶
func ToClientSet(config *clientcmdapi.Config) (*kubeclient.Clientset, error)
ToClientSet converts a KubeConfig object to a client
func WriteToDisk ¶
func WriteToDisk(filename string, kubeconfig *clientcmdapi.Config) error
WriteToDisk writes a KubeConfig object to disk with mode 0600 (readable and writable by the file owner only).
Types ¶
type BootstrapTokenDiscovery ¶
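// BootstrapTokenDiscovery carries the inputs for bootstrap-token based
// discovery of the control plane.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the first "//" comments out every field that follows it.
type BootstrapTokenDiscovery struct {
	// Token is a token used to validate cluster information
	// fetched from the control-plane.
	//
	// NOTE(review): this is a credential; keep it out of logs, shell history
	// and dry-run output.
	Token string

	// APIServerEndpoint is an IP or domain name to the API server from which info will be fetched.
	APIServerEndpoint string

	// CACertHashes specifies a set of public key pins to verify
	// when token-based discovery is used. The root CA found during discovery
	// must match one of these values. Specifying an empty set disables root CA
	// pinning, which can be unsafe. Each hash is specified as "<type>:<value>",
	// where the only currently supported type is "sha256". This is a hex-encoded
	// SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded
	// ASN.1. These hashes can be calculated using, for example, OpenSSL.
	//
	// The pin covers the CA's public key (SPKI), not the whole certificate.
	CACertHashes []string

	// UnsafeSkipCAVerification allows token-based discovery
	// without CA verification via CACertHashes. This can weaken
	// the security of register command since other clusters can impersonate the control-plane.
	//
	// With this set and CACertHashes empty, no field of this struct pins the
	// control plane's CA. Prefer supplying at least one pin and leaving this
	// false (the zero value).
	UnsafeSkipCAVerification bool
}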
BootstrapTokenDiscovery is used to set the options for bootstrap token based discovery
type CommandRegisterOption ¶
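// CommandRegisterOption holds the options of the register command.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the first "//" comments out every field that follows it.
type CommandRegisterOption struct {
	// KubeConfig holds the KUBECONFIG file path.
	KubeConfig string

	// Context is the name of the cluster context in KUBECONFIG file.
	// Default value is the current-context.
	Context string

	// Namespace is the namespace in which the karmada-agent component is deployed.
	Namespace string

	// ClusterNamespace holds the namespace name where the member cluster secrets are stored.
	ClusterNamespace string

	// ClusterName is the name of the cluster that is going to be joined.
	ClusterName string

	// ClusterProvider is the cluster's provider.
	ClusterProvider string

	// ClusterRegion represents the region in which the cluster is located.
	ClusterRegion string

	// EnableCertRotation indicates whether certificate rotation is enabled for karmada-agent.
	EnableCertRotation bool

	// CACertPath is the path to the SSL certificate authority used to
	// secure communications between member cluster and karmada-control-plane.
	// Defaults to "/etc/karmada/pki/ca.crt".
	CACertPath string

	// BootstrapToken is used to set the options for bootstrap token based discovery.
	BootstrapToken *BootstrapTokenDiscovery

	// Timeout is the max discovery time.
	Timeout time.Duration

	// CertExpirationSeconds defines the expiration time of the certificate.
	CertExpirationSeconds int32

	// KarmadaAgentImage is the image of karmada agent.
	// (The upstream comment names this field KarmadaSchedulerImage; the field
	// itself is KarmadaAgentImage.)
	KarmadaAgentImage string

	// KarmadaAgentReplicas is the number of karmada agent replicas.
	KarmadaAgentReplicas int32

	// DryRun tells whether to run the command in dry-run mode, without making any server requests.
	DryRun bool
	// contains filtered or unexported fields
}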
CommandRegisterOption holds all command options.
func (*CommandRegisterOption) Complete ¶
func (o *CommandRegisterOption) Complete(args []string) error
Complete ensures that options are valid and marshals them if necessary.
func (*CommandRegisterOption) Run ¶
func (o *CommandRegisterOption) Run(parentCommand string) error
Run is the implementation of the 'register' command.
func (*CommandRegisterOption) Validate ¶
func (o *CommandRegisterOption) Validate() error
Validate checks the options and returns an error describing any problems found.