Documentation
Index
- func CreateOrUpdateClusterRole(ctx context.Context, clientset *kubernetes.Clientset) (*rbacv1.ClusterRole, error)
- func CreateOrUpdateClusterRoleBinding(ctx context.Context, clientset *kubernetes.Clientset) (*rbacv1.ClusterRoleBinding, error)
- func CreateServiceAccount(ctx context.Context, clientset *kubernetes.Clientset, name string) (*corev1.ServiceAccount, error)
- func GetMgmtClusterConfig() (*kubernetes.Clientset, error)
- func GetServiceAccountBearerToken(ctx context.Context, clientset *kubernetes.Clientset, name string) ([]byte, error)
- func GetTargetClusterConfig(mgmtClientset *kubernetes.Clientset, namespace string, name string) (*kubernetes.Clientset, *rest.Config, error)
- type ClusterConfig
- type ClusterReconciler
- type TLSClientConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateOrUpdateClusterRole
func CreateOrUpdateClusterRole(ctx context.Context, clientset *kubernetes.Clientset) (*rbacv1.ClusterRole, error)
CreateOrUpdateClusterRole creates a cluster role in the target cluster for argocd.
func CreateOrUpdateClusterRoleBinding
func CreateOrUpdateClusterRoleBinding(ctx context.Context, clientset *kubernetes.Clientset) (*rbacv1.ClusterRoleBinding, error)
CreateOrUpdateClusterRoleBinding creates a cluster role binding in the target cluster for argocd.
func CreateServiceAccount
func CreateServiceAccount(ctx context.Context, clientset *kubernetes.Clientset, name string) (*corev1.ServiceAccount, error)
CreateServiceAccount creates a service account for the argocd role in the target cluster. We do not currently try to update this service account if it exists, because name and namespace are immutable and we aren't setting any other properties.
func GetMgmtClusterConfig
func GetMgmtClusterConfig() (*kubernetes.Clientset, error)
GetMgmtClusterConfig returns a kubernetes client config for the management cluster.
func GetServiceAccountBearerToken
func GetServiceAccountBearerToken(ctx context.Context, clientset *kubernetes.Clientset, name string) ([]byte, error)
GetServiceAccountBearerToken returns a bearer token for the service account. This token is used, along with the CA, to authenticate with the target cluster.
func GetTargetClusterConfig
func GetTargetClusterConfig(mgmtClientset *kubernetes.Clientset, namespace string, name string) (*kubernetes.Clientset, *rest.Config, error)
GetTargetClusterConfig returns a kubernetes client config for the target cluster. This uses the structure of cluster-api secrets to retrieve the kubeconfig for the target cluster. The secret must be named <cluster-name>-kubeconfig and must contain a key named "value" with the kubeconfig for the target cluster.
Types
type ClusterConfig
type ClusterConfig struct {
	// Server requires Bearer authentication. This client will not attempt to use
	// refresh tokens for an OAuth2 flow.
	// TODO: demonstrate an OAuth2 compatible client.
	BearerToken string `json:"bearerToken,omitempty" protobuf:"bytes,3,opt,name=bearerToken"`

	// TLSClientConfig contains settings to enable transport layer security
	TLSClientConfig `json:"tlsClientConfig" protobuf:"bytes,4,opt,name=tlsClientConfig"`
}
In true Go fashion, I spent most of my time trying to resolve go mod issues so that I could import this one thing; I am now including it here directly for the time being. This is sourced from the ArgoCD codebase located here:
https://github.com/argoproj/argo-cd/blob/master/pkg/apis/application/v1alpha1/types.go
type ClusterReconciler
ClusterReconciler reconciles a Cluster object.
func (*ClusterReconciler) Reconcile
Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state.
For more details, check Reconcile and its Result here: https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.11.0/pkg/reconcile
func (*ClusterReconciler) SetupWithManager
func (r *ClusterReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type TLSClientConfig
type TLSClientConfig struct {
	// Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
	Insecure bool `json:"insecure" protobuf:"bytes,1,opt,name=insecure"`

	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
	// CAData takes precedence over CAFile
	CAData []byte `json:"caData,omitempty" protobuf:"bytes,5,opt,name=caData"`
}
TLSClientConfig contains settings to enable transport layer security.
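Since Insecure is documented as "For testing only", a caller can check a ClusterConfig before serializing the bearer token and CA together. The following is an added example, not code from this package or from Argo CD: MarshalVerified and ConstructedCA are hypothetical names, the two types are local copies with the protobuf tags omitted, and the CA is a throwaway certificate constructed as sample input.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)
// Local copies of the two types documented on this page (protobuf tags omitted).
type TLSClientConfig struct {
	Insecure bool   `json:"insecure"`
	CAData   []byte `json:"caData,omitempty"`
}
type ClusterConfig struct {
	BearerToken     string `json:"bearerToken,omitempty"`
	TLSClientConfig `json:"tlsClientConfig"`
}

// MarshalVerified (hypothetical helper) serializes cfg only if TLS verification can work.
func MarshalVerified(cfg ClusterConfig) ([]byte, error) {
	switch {
	case cfg.BearerToken == "":
		return nil, errors.New("bearer token is empty")
	case cfg.Insecure:
		return nil, errors.New("insecure=true disables TLS certificate verification")
	case !x509.NewCertPool().AppendCertsFromPEM(cfg.CAData):
		return nil, errors.New("caData holds no parseable PEM certificate")
	}
	return json.Marshal(cfg) // CAData is emitted base64-encoded, as encoding/json does for []byte
}

// ConstructedCA returns a throwaway self-signed CA in PEM form (constructed sample input).
func ConstructedCA() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
func main() {
	out, err := MarshalVerified(ClusterConfig{BearerToken: "constructed-token", TLSClientConfig: TLSClientConfig{CAData: ConstructedCA()}})
	fmt.Println(string(out), err)
}
```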