Documentation
Overview
Package config implements the config for the fleet controller and agent.
Index
- Constants
- Variables
- func BypassSystemCAStore()
- func Exists(_ context.Context, namespace, name string, configMaps corev1.ConfigMapClient) (bool, error)
- func OnChange(ctx context.Context, f func(*Config) error)
- func Set(cfg *Config)
- func SetAndTrigger(cfg *Config) error
- func ToConfigMap(namespace, name string, cfg *Config) (*v1.ConfigMap, error)
- type AgentWorkers
- type Bootstrap
- type Config
Constants
const (
	ManagerConfigName        = "fleet-controller"
	AgentConfigName          = "fleet-agent"
	AgentBootstrapConfigName = "fleet-agent-bootstrap"

	AgentTLSModeStrict      = "strict"
	AgentTLSModeSystemStore = "system-store"

	Key = "config"
	// DefaultNamespace is the default for the system namespace, which
	// contains the controller and agent
	DefaultNamespace       = "cattle-fleet-system"
	LegacyDefaultNamespace = "fleet-system"
	// ImportTokenSecretValuesKey is the key in the import token secret,
	// which contains the values for cluster registration.
	ImportTokenSecretValuesKey = "values"
	// KubeConfigSecretValueKey is the key in the kubeconfig secret, which
	// contains the kubeconfig for the downstream cluster.
	KubeConfigSecretValueKey = "value"
	// APIServerURLKey is the key which contains the API server URL of the
	// upstream server. It is used in the controller config, the kubeconfig
	// secret of a cluster, the cluster registration secret "import-NAME"
	// and the fleet-agent-bootstrap secret.
	APIServerURLKey = "apiServerURL"
	// APIServerCAKey is the key which contains the CA of the upstream
	// server.
	APIServerCAKey = "apiServerCA"
)
Variables
Functions
func BypassSystemCAStore (added in v0.10.0)
func BypassSystemCAStore()
BypassSystemCAStore is used to bypass the OS trust store in agents through environment variables; see https://pkg.go.dev/crypto/x509#SystemCertPool for more info. We set the values to paths belonging to the root filesystem, which is read-only, to prevent tampering. Eventually, this should not be necessary, if and when we find a way to set client-go's API Config to achieve similar effects. Note: this does not work on Windows or macOS. Agents are expected to run on Linux nodes.
func OnChange
OnChange is used by agentmanagement to react to config changes. The callback is triggered by 'Set' via the config controller during startup and when the configmap changes.
func Set
func Set(cfg *Config)
Set doesn't trigger the callbacks; use SetAndTrigger for that. Set is used by controller-runtime controllers.
func SetAndTrigger (added in v0.10.0)
SetAndTrigger sets the config and triggers the callbacks. It is used by the agentmanagement wrangler controllers.
Types
type AgentWorkers (added in v0.11.3)
type Bootstrap
type Bootstrap struct {
	Namespace      string `json:"namespace,omitempty"`
	AgentNamespace string `json:"agentNamespace,omitempty"`
	// Repo to add at install time that will deploy to the local cluster. This allows
	// one to fully bootstrap fleet, its configuration and all its downstream clusters
	// in one shot.
	Repo   string `json:"repo,omitempty"`
	Secret string `json:"secret,omitempty"` // gitrepo.ClientSecretName for agent from repo
	Paths  string `json:"paths,omitempty"`
	Branch string `json:"branch,omitempty"`
}
type Config
type Config struct {
	// AgentImage defaults to rancher/fleet-agent:version if empty, can include a prefixed SystemDefaultRegistry
	AgentImage           string `json:"agentImage,omitempty"`
	AgentImagePullPolicy string `json:"agentImagePullPolicy,omitempty"`

	// SystemDefaultRegistry used by Rancher when constructing the
	// agentImage string, it's in the config so fleet can remove it if a
	// private repo url prefix is specified on the agent's cluster resource
	SystemDefaultRegistry string `json:"systemDefaultRegistry,omitempty"`

	// AgentCheckinInterval determines how often agents update their clusters status, defaults to 15m
	AgentCheckinInterval metav1.Duration `json:"agentCheckinInterval,omitempty"`

	// ManageAgent if present and set to false, no bundles will be created to manage agents
	ManageAgent *bool `json:"manageAgent,omitempty"`

	// Labels are copied to the cluster registration resource. In detail:
	// fleet-controller will copy the labels to the fleet-agent's config,
	// fleet-agent copies the labels to the cluster registration resource,
	// when fleet-controller accepts the registration, the labels are
	// copied to the cluster resource.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`

	// ClientID of the cluster to associate with. Used by the agent only.
	// +optional
	ClientID string `json:"clientID,omitempty"`

	// APIServerURL is the URL of the fleet-controller's k8s API server. It
	// can be empty, if the value is provided in the cluster's kubeconfig
	// secret instead. The value is copied into the fleet-agent-bootstrap
	// secret on the downstream cluster.
	// +optional
	APIServerURL string `json:"apiServerURL,omitempty"`

	// APIServerCA is the CA bundle used to connect to the
	// fleet-controllers k8s API server. It can be empty, if the value is
	// provided in the cluster's kubeconfig secret instead. The value is
	// copied into the fleet-agent-bootstrap secret on the downstream
	// cluster.
	// +optional
	APIServerCA []byte `json:"apiServerCA,omitempty"`

	Bootstrap Bootstrap `json:"bootstrap,omitempty"`

	// IgnoreClusterRegistrationLabels if set to true, the labels on the cluster registration resource will not be copied to the cluster resource.
	IgnoreClusterRegistrationLabels bool `json:"ignoreClusterRegistrationLabels,omitempty"`

	// AgentTLSMode supports two values: `system-store` and `strict`. If set to `system-store`, instructs the agent
	// to trust CA bundles from the operating system's store. If set to `strict`, then the agent shall only connect
	// to a server which uses the exact CA configured when creating/updating the agent.
	AgentTLSMode string `json:"agentTLSMode,omitempty"`

	// The amount of time to wait for a response from the server before
	// canceling the request. Used to retrieve the latest commit of configured
	// git repositories. A non-existent value or 0 will result in a timeout of
	// 30 seconds.
	GitClientTimeout metav1.Duration `json:"gitClientTimeout,omitempty"`

	// GarbageCollectionInterval determines how often agents clean up obsolete Helm releases.
	GarbageCollectionInterval metav1.Duration `json:"garbageCollectionInterval,omitempty"`

	// AgentWorkers specifies the maximum number of workers for each agent reconciler.
	AgentWorkers AgentWorkers `json:"agentWorkers,omitempty"`
}
Config is the config for the fleet controller and agent. Each use slightly different fields from this struct. It is stored as JSON in configmaps under the 'config' key.
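The two AgentTLSMode values documented in the Config struct differ in which trust anchors the agent accepts for the upstream API server. The following is an added example, not fleet's own code: verifyServer and newCert are hypothetical helpers, the certificates are constructed, and the system argument stands in for the OS trust store that a real agent would get from x509.SystemCertPool().

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// verifyServer (hypothetical) picks trust anchors from agentTLSMode and apiServerCA, then checks server.
func verifyServer(mode string, apiServerCA []byte, system *x509.CertPool, server *x509.Certificate) error {
	roots := x509.NewCertPool() // strict: nothing but the configured CA
	if mode == "system-store" {
		roots = system.Clone() // OS store, plus the configured CA below
	} else if mode != "strict" {
		return fmt.Errorf("unknown agentTLSMode %q", mode) // fail closed
	}
	if len(apiServerCA) > 0 && !roots.AppendCertsFromPEM(apiServerCA) {
		return fmt.Errorf("apiServerCA holds no PEM certificate")
	}
	_, err := server.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// newCert builds a constructed certificate; a nil parent self-signs a CA.
func newCert(cn string, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, key.Public(), pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	_, _, fleetPEM := newCert("constructed fleet CA", nil, nil)
	other, otherKey, _ := newCert("constructed public CA", nil, nil)
	server, _, _ := newCert("constructed server", other, otherKey) // not signed by the fleet CA
	system := x509.NewCertPool()
	system.AddCert(other)
	fmt.Println("strict:", verifyServer("strict", fleetPEM, system, server))
	fmt.Println("system-store:", verifyServer("system-store", fleetPEM, system, server))
}
```

In strict mode the server signed by the other CA is rejected even though that CA is in the stand-in system store; in system-store mode the same certificate verifies.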
func DefaultConfig
func DefaultConfig() *Config