secrets

package
v1.3.0
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2022 License: MPL-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package secrets provides resources which store secrets.

Constants

const APIID = resource.ID("api")

APIID is the resource ID of the singleton instance.

const APIType = resource.Type("ApiCertificates.secrets.talos.dev")

APIType is the type of the API resource.

const CertSANAPIID = resource.ID("api")

CertSANAPIID is the resource ID of the singleton instance for the Talos API.

const CertSANKubernetesID = resource.ID("k8s")

CertSANKubernetesID is the resource ID of the singleton instance for the Kubernetes API Server.

const CertSANType = resource.Type("CertSANs.secrets.talos.dev")

CertSANType is the type of the CertSAN resource.

const EtcdID = resource.ID("etcd")

EtcdID is the resource ID of the singleton instance.

const EtcdRootID = resource.ID("etcd")

EtcdRootID is the ID of EtcdRoot.

const EtcdRootType = resource.Type("EtcdRootSecrets.secrets.talos.dev")

EtcdRootType is the type of the EtcdRoot secret resource.

const EtcdType = resource.Type("EtcdSecrets.secrets.talos.dev")

EtcdType is the type of the Etcd resource.

const KubeletID = resource.ID("kubelet")

KubeletID is the ID of the KubeletType resource.

const KubeletType = resource.Type("KubeletSecrets.secrets.talos.dev")

KubeletType is the type of the Kubelet secret resource.

const KubernetesID = resource.ID("k8s-certs")

KubernetesID is the resource ID of the singleton instance.

const KubernetesRootID = resource.ID("k8s")

KubernetesRootID is the ID of the KubernetesRootType resource.

const KubernetesRootType = resource.Type("KubernetesRootSecrets.secrets.talos.dev")

KubernetesRootType is the type of the KubernetesRoot secret resource.

const KubernetesType = resource.Type("KubernetesSecrets.secrets.talos.dev")

KubernetesType is the type of the Kubernetes resource.

const NamespaceName resource.Namespace = "secrets"

NamespaceName contains resources containing secret material.

const OSRootID = resource.ID("os")

OSRootID is the Resource ID for OSRoot.

const OSRootType = resource.Type("OSRootSecrets.secrets.talos.dev")

OSRootType is the type of the OSRoot secret resource.

const TrustdID = resource.ID("trustd")

TrustdID is the resource ID of the singleton instance.

const TrustdType = resource.Type("TrustdCertificates.secrets.talos.dev")

TrustdType is the type of the Trustd resource.

Variables

This section is empty.

Functions

This section is empty.

Types

type API

API contains apid generated secrets.

func NewAPI

func NewAPI() *API

NewAPI initializes an API resource.

type APICertsSpec

type APICertsSpec struct {
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"` // only cert is passed, without key
	Client *x509.PEMEncodedCertificateAndKey `yaml:"client" protobuf:"2"`
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"3"`
}

APICertsSpec describes apid certs secrets.

func (APICertsSpec) DeepCopy

func (o APICertsSpec) DeepCopy() APICertsSpec

DeepCopy generates a deep copy of APICertsSpec.

type APIRD

type APIRD struct{}

APIRD provides auxiliary methods for API.

func (APIRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type APIReadyCondition

type APIReadyCondition struct {
	// contains filtered or unexported fields
}

APIReadyCondition implements condition which waits for the API certs to be ready.

func NewAPIReadyCondition

func NewAPIReadyCondition(state state.State) *APIReadyCondition

NewAPIReadyCondition builds a condition which waits for the API certs to be ready.

func (*APIReadyCondition) String

func (condition *APIReadyCondition) String() string

func (*APIReadyCondition) Wait

func (condition *APIReadyCondition) Wait(ctx context.Context) error

Wait implements condition interface.

type CertSAN

type CertSAN = typed.Resource[CertSANSpec, CertSANRD]

CertSAN contains certificate subject alternative names.

func NewCertSAN

func NewCertSAN(namespace resource.Namespace, id resource.ID) *CertSAN

NewCertSAN initializes a CertSAN resource.

type CertSANRD

type CertSANRD struct{}

CertSANRD is a resource data of CertSAN.

func (CertSANRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type CertSANSpec

type CertSANSpec struct {
	IPs      []netip.Addr `yaml:"ips" protobuf:"1"`
	DNSNames []string     `yaml:"dnsNames" protobuf:"2"`
	FQDN     string       `yaml:"fqdn" protobuf:"3"`
}

CertSANSpec describes fields of the cert SANs.

func (*CertSANSpec) Append

func (spec *CertSANSpec) Append(sans ...string)

Append adds a list of SANs, splitting them into IPs and DNS names.

func (*CertSANSpec) AppendDNSNames

func (spec *CertSANSpec) AppendDNSNames(dnsNames ...string)

AppendDNSNames appends DNS names, skipping duplicates.

func (*CertSANSpec) AppendIPs

func (spec *CertSANSpec) AppendIPs(ips ...netip.Addr)

AppendIPs appends IPs, skipping duplicates.

func (CertSANSpec) DeepCopy

func (o CertSANSpec) DeepCopy() CertSANSpec

DeepCopy generates a deep copy of CertSANSpec.

func (*CertSANSpec) Reset

func (spec *CertSANSpec) Reset()

Reset the list of SANs.

func (*CertSANSpec) Sort

func (spec *CertSANSpec) Sort()

Sort the CertSANs.

func (*CertSANSpec) StdIPs

func (spec *CertSANSpec) StdIPs() []net.IP

StdIPs returns the list of IPs converted to standard library net.IP values.
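
Why the IP/DNS split performed by Append matters once the lists reach a certificate: Go's hostname check matches an IP only against IP SANs, never against DNS names. This is an added example, not Talos code; `sanSet` and `covers` are hypothetical names, the dedupe logic is an assumed reimplementation, and the SAN values are constructed.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"net"
	"net/netip"
	"slices"
)

// sanSet is a hypothetical stand-in for CertSANSpec; it is not the Talos type.
type sanSet struct {
	IPs      []netip.Addr
	DNSNames []string
}

// Append files each SAN under IPs or DNSNames and skips duplicates.
func (s *sanSet) Append(sans ...string) {
	for _, san := range sans {
		if ip, err := netip.ParseAddr(san); err != nil {
			if !slices.Contains(s.DNSNames, san) {
				s.DNSNames = append(s.DNSNames, san)
			}
		} else if !slices.Contains(s.IPs, ip) {
			s.IPs = append(s.IPs, ip)
		}
	}
}

// covers reports whether a certificate carrying these SANs would pass Go's
// hostname check for host. Only the SAN fields of the certificate matter here.
func covers(dnsNames []string, ips []netip.Addr, host string) bool {
	cert := &x509.Certificate{DNSNames: dnsNames}
	for _, ip := range ips { // netip.Addr -> net.IP, the conversion StdIPs performs
		cert.IPAddresses = append(cert.IPAddresses, net.IP(ip.AsSlice()))
	}
	return cert.VerifyHostname(host) == nil
}

func main() {
	sans := []string{"10.5.0.2", "cp.example.internal", "10.5.0.2", "fd00::2"} // constructed
	s := &sanSet{}
	s.Append(sans...)
	fmt.Println("split:", s.IPs, s.DNSNames)
	fmt.Println("split SANs cover 10.5.0.2:", covers(s.DNSNames, s.IPs, "10.5.0.2"))
	fmt.Println("all-as-DNS covers 10.5.0.2:", covers(sans, nil, "10.5.0.2"))
}
```

A certificate whose IP addresses were filed as DNS names fails verification for clients that connect by IP, which is the failure the split avoids.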

type Etcd

Etcd contains etcd generated secrets.

func NewEtcd

func NewEtcd() *Etcd

NewEtcd initializes an Etcd resource.

type EtcdCertsSpec

type EtcdCertsSpec struct {
	Etcd          *x509.PEMEncodedCertificateAndKey `yaml:"etcd" protobuf:"1"`
	EtcdPeer      *x509.PEMEncodedCertificateAndKey `yaml:"etcdPeer" protobuf:"2"`
	EtcdAdmin     *x509.PEMEncodedCertificateAndKey `yaml:"etcdAdmin" protobuf:"3"`
	EtcdAPIServer *x509.PEMEncodedCertificateAndKey `yaml:"etcdAPIServer" protobuf:"4"`
}

EtcdCertsSpec describes etcd certs secrets.

func (EtcdCertsSpec) DeepCopy

func (o EtcdCertsSpec) DeepCopy() EtcdCertsSpec

DeepCopy generates a deep copy of EtcdCertsSpec.

type EtcdRD

type EtcdRD struct{}

EtcdRD provides auxiliary methods for Etcd.

func (EtcdRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type EtcdRoot

EtcdRoot contains root (not generated) secrets.

func NewEtcdRoot

func NewEtcdRoot(id resource.ID) *EtcdRoot

NewEtcdRoot initializes an EtcdRoot resource.

type EtcdRootRD

type EtcdRootRD struct{}

EtcdRootRD provides auxiliary methods for EtcdRoot.

func (EtcdRootRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type EtcdRootSpec

type EtcdRootSpec struct {
	EtcdCA *x509.PEMEncodedCertificateAndKey `yaml:"etcdCA" protobuf:"1"`
}

EtcdRootSpec describes etcd CA secrets.

func (EtcdRootSpec) DeepCopy

func (o EtcdRootSpec) DeepCopy() EtcdRootSpec

DeepCopy generates a deep copy of EtcdRootSpec.

type Kubelet

type Kubelet = typed.Resource[KubeletSpec, KubeletRD]

Kubelet contains root (not generated) secrets.

func NewKubelet

func NewKubelet(id resource.ID) *Kubelet

NewKubelet initializes a Kubelet resource.

type KubeletRD

type KubeletRD struct{}

KubeletRD provides auxiliary methods for Kubelet.

func (KubeletRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubeletSpec

type KubeletSpec struct {
	Endpoint *url.URL `yaml:"endpoint" protobuf:"1"`

	CA *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"2"`

	BootstrapTokenID     string `yaml:"bootstrapTokenID" protobuf:"3"`
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret" protobuf:"4"`
}

KubeletSpec describes root Kubernetes secrets.

func (KubeletSpec) DeepCopy

func (o KubeletSpec) DeepCopy() KubeletSpec

DeepCopy generates a deep copy of KubeletSpec.

type Kubernetes

Kubernetes contains K8s generated secrets.

func NewKubernetes

func NewKubernetes() *Kubernetes

NewKubernetes initializes a Kubernetes resource.

type KubernetesCertsSpec

type KubernetesCertsSpec struct {
	APIServer              *x509.PEMEncodedCertificateAndKey `yaml:"apiServer" protobuf:"1"`
	APIServerKubeletClient *x509.PEMEncodedCertificateAndKey `yaml:"apiServerKubeletClient" protobuf:"2"`
	FrontProxy             *x509.PEMEncodedCertificateAndKey `yaml:"frontProxy" protobuf:"3"`

	SchedulerKubeconfig         string `yaml:"schedulerKubeconfig" protobuf:"4"`
	ControllerManagerKubeconfig string `yaml:"controllerManagerKubeconfig" protobuf:"5"`

	// Admin-level kubeconfig with access through the localhost endpoint and cluster endpoints.
	LocalhostAdminKubeconfig string `yaml:"localhostAdminKubeconfig" protobuf:"6"`
	AdminKubeconfig          string `yaml:"adminKubeconfig" protobuf:"7"`
}

KubernetesCertsSpec describes generated Kubernetes certificates.

func (KubernetesCertsSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesCertsSpec.

type KubernetesRD

type KubernetesRD struct{}

KubernetesRD provides auxiliary methods for Kubernetes.

func (KubernetesRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesRoot

KubernetesRoot contains root (not generated) secrets.

func NewKubernetesRoot

func NewKubernetesRoot(id resource.ID) *KubernetesRoot

NewKubernetesRoot initializes a KubernetesRoot resource.

type KubernetesRootRD

type KubernetesRootRD struct{}

KubernetesRootRD provides auxiliary methods for KubernetesRoot.

func (KubernetesRootRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesRootSpec

type KubernetesRootSpec struct {
	Name          string       `yaml:"name" protobuf:"1"`
	Endpoint      *url.URL     `yaml:"endpoint" protobuf:"2"`
	LocalEndpoint *url.URL     `yaml:"local_endpoint" protobuf:"3"`
	CertSANs      []string     `yaml:"certSANs" protobuf:"4"`
	APIServerIPs  []netip.Addr `yaml:"apiServerIPs" protobuf:"14"`
	DNSDomain     string       `yaml:"dnsDomain" protobuf:"6"`

	CA             *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"7"`
	ServiceAccount *x509.PEMEncodedKey               `yaml:"serviceAccount" protobuf:"8"`
	AggregatorCA   *x509.PEMEncodedCertificateAndKey `yaml:"aggregatorCA" protobuf:"9"`

	AESCBCEncryptionSecret string `yaml:"aesCBCEncryptionSecret" protobuf:"10"`

	BootstrapTokenID     string `yaml:"bootstrapTokenID" protobuf:"11"`
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret" protobuf:"12"`

	SecretboxEncryptionSecret string `yaml:"secretboxEncryptionSecret" protobuf:"13"`
}

KubernetesRootSpec describes root Kubernetes secrets.

func (KubernetesRootSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesRootSpec.

type OSRoot

type OSRoot = typed.Resource[OSRootSpec, OSRootRD]

OSRoot contains root (not generated) secrets.

func NewOSRoot

func NewOSRoot(id resource.ID) *OSRoot

NewOSRoot initializes an OSRoot resource.

type OSRootRD

type OSRootRD struct{}

OSRootRD provides auxiliary methods for OSRoot.

func (OSRootRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type OSRootSpec

type OSRootSpec struct {
	CA              *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"`
	CertSANIPs      []netip.Addr                      `yaml:"certSANIPs" protobuf:"2"`
	CertSANDNSNames []string                          `yaml:"certSANDNSNames" protobuf:"3"`

	Token string `yaml:"token" protobuf:"4"`
}

OSRootSpec describes operating system CA.

func (OSRootSpec) DeepCopy

func (o OSRootSpec) DeepCopy() OSRootSpec

DeepCopy generates a deep copy of OSRootSpec.

type Trustd

Trustd contains trustd generated secrets.

func NewTrustd

func NewTrustd() *Trustd

NewTrustd initializes a Trustd resource.

type TrustdCertsSpec

type TrustdCertsSpec struct {
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"` // only cert is passed, without key
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"2"`
}

TrustdCertsSpec describes trustd certs secrets.

func (TrustdCertsSpec) DeepCopy

func (o TrustdCertsSpec) DeepCopy() TrustdCertsSpec

DeepCopy generates a deep copy of TrustdCertsSpec.

type TrustdRD

type TrustdRD struct{}

TrustdRD provides auxiliary methods for Trustd.

func (TrustdRD) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.
