secrets

package
v1.5.0-beta.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2023 License: MPL-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package secrets provides resources which store secrets.

Index

Constants

View Source
const APIID = resource.ID("api")

APIID is a resource ID of singleton instance.

View Source
const APIType = resource.Type("ApiCertificates.secrets.talos.dev")

APIType is type of API resource.

View Source
const CertSANAPIID = resource.ID("api")

CertSANAPIID is a resource ID of singleton instance for the Talos API.

View Source
const CertSANKubernetesID = resource.ID("k8s")

CertSANKubernetesID is a resource ID of singleton instance for the Kubernetes API Server.

View Source
const CertSANMaintenanceID = resource.ID("maintenance")

CertSANMaintenanceID is a resource ID of singleton instance for the Talos Maintenance API.

View Source
const CertSANType = resource.Type("CertSANs.secrets.talos.dev")

CertSANType is type of CertSAN resource.

View Source
const EtcdID = resource.ID("etcd")

EtcdID is a resource ID of singleton instance.

View Source
const EtcdRootID = resource.ID("etcd")

EtcdRootID is the IDs of EtcdRoot.

View Source
const EtcdRootType = resource.Type("EtcdRootSecrets.secrets.talos.dev")

EtcdRootType is type of EtcdRoot secret resource.

View Source
const EtcdType = resource.Type("EtcdSecrets.secrets.talos.dev")

EtcdType is type of Etcd resource.

View Source
const KubeletID = resource.ID("kubelet")

KubeletID is the ID of KubeletType resource.

View Source
const KubeletType = resource.Type("KubeletSecrets.secrets.talos.dev")

KubeletType is type of Kubelet secret resource.

View Source
const KubernetesDynamicCertsID = resource.ID("k8s-dynamic-certs")

KubernetesDynamicCertsID is a resource ID of singleton instance.

View Source
const KubernetesDynamicCertsType = resource.Type("KubernetesDynamicCerts.secrets.talos.dev")

KubernetesDynamicCertsType is type of KubernetesCerts resource.

View Source
const KubernetesID = resource.ID("k8s-certs")

KubernetesID is a resource ID of singleton instance.

View Source
const KubernetesRootID = resource.ID("k8s")

KubernetesRootID is the ID of KubernetesRootType resource.

View Source
const KubernetesRootType = resource.Type("KubernetesRootSecrets.secrets.talos.dev")

KubernetesRootType is type of KubernetesRoot secret resource.

View Source
const KubernetesType = resource.Type("KubernetesSecrets.secrets.talos.dev")

KubernetesType is type of Kubernetes resource.

View Source
const MaintenanceRootID = resource.ID("maintenance")

MaintenanceRootID is the Resource ID for MaintenanceRoot.

View Source
const MaintenanceRootType = resource.Type("MaintenanceRootSecrets.secrets.talos.dev")

MaintenanceRootType is type of MaintenanceRoot secret resource.

View Source
const MaintenanceServiceCertsID = resource.ID("maintenance")

MaintenanceServiceCertsID is a resource ID of singleton instance.

View Source
const MaintenanceServiceCertsType = resource.Type("MaintenanceServiceCertificates.secrets.talos.dev")

MaintenanceServiceCertsType is type of MaintenanceCerts resource.

View Source
const NamespaceName resource.Namespace = "secrets"

NamespaceName contains resources containing secret material.

View Source
const OSRootID = resource.ID("os")

OSRootID is the Resource ID for OSRoot.

View Source
const OSRootType = resource.Type("OSRootSecrets.secrets.talos.dev")

OSRootType is type of OSRoot secret resource.

View Source
const TrustdID = resource.ID("trustd")

TrustdID is a resource ID of singleton instance.

View Source
const TrustdType = resource.Type("TrustdCertificates.secrets.talos.dev")

TrustdType is type of Trustd resource.

Variables

This section is empty.

Functions

This section is empty.

Types

type API

API contains apid generated secrets.

func NewAPI

func NewAPI() *API

NewAPI initializes an API resource.

type APICertsSpec

type APICertsSpec struct {
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"` // only cert is passed, without key
	Client *x509.PEMEncodedCertificateAndKey `yaml:"client" protobuf:"2"`
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"3"`
}

APICertsSpec describes etcd certs secrets.

func (APICertsSpec) DeepCopy

func (o APICertsSpec) DeepCopy() APICertsSpec

DeepCopy generates a deep copy of APICertsSpec.

type APIExtension added in v1.4.0

type APIExtension struct{}

APIExtension provides auxiliary methods for API.

func (APIExtension) ResourceDefinition added in v1.4.0

func (APIExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type APIReadyCondition

type APIReadyCondition struct {
	// contains filtered or unexported fields
}

APIReadyCondition implements condition which waits for the API certs to be ready.

func NewAPIReadyCondition

func NewAPIReadyCondition(state state.State) *APIReadyCondition

NewAPIReadyCondition builds a coondition which waits for the API certs to be ready.

func (*APIReadyCondition) String

func (condition *APIReadyCondition) String() string

func (*APIReadyCondition) Wait

func (condition *APIReadyCondition) Wait(ctx context.Context) error

Wait implements condition interface.

type CertSAN

CertSAN contains certficiate subject alternative names.

func NewCertSAN

func NewCertSAN(namespace resource.Namespace, id resource.ID) *CertSAN

NewCertSAN initializes a Etc resource.

type CertSANExtension added in v1.4.0

type CertSANExtension struct{}

CertSANExtension is a resource data of CertSAN.

func (CertSANExtension) ResourceDefinition added in v1.4.0

func (CertSANExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type CertSANSpec

type CertSANSpec struct {
	IPs      []netip.Addr `yaml:"ips" protobuf:"1"`
	DNSNames []string     `yaml:"dnsNames" protobuf:"2"`
	FQDN     string       `yaml:"fqdn" protobuf:"3"`
}

CertSANSpec describes fields of the cert SANs.

func (*CertSANSpec) Append

func (spec *CertSANSpec) Append(sans ...string)

Append list of SANs splitting into IPs/DNS names.

func (*CertSANSpec) AppendDNSNames

func (spec *CertSANSpec) AppendDNSNames(dnsNames ...string)

AppendDNSNames skipping duplicates.

func (*CertSANSpec) AppendIPs

func (spec *CertSANSpec) AppendIPs(ips ...netip.Addr)

AppendIPs skipping duplicates.

func (CertSANSpec) DeepCopy

func (o CertSANSpec) DeepCopy() CertSANSpec

DeepCopy generates a deep copy of CertSANSpec.

func (*CertSANSpec) Reset

func (spec *CertSANSpec) Reset()

Reset the list of SANs.

func (*CertSANSpec) Sort

func (spec *CertSANSpec) Sort()

Sort the CertSANs.

func (*CertSANSpec) StdIPs

func (spec *CertSANSpec) StdIPs() []net.IP

StdIPs returns a list of converted std.IPs.

type Etcd

Etcd contains etcd generated secrets.

func NewEtcd

func NewEtcd() *Etcd

NewEtcd initializes a Etc resource.

type EtcdCertsSpec

type EtcdCertsSpec struct {
	Etcd          *x509.PEMEncodedCertificateAndKey `yaml:"etcd" protobuf:"1"`
	EtcdPeer      *x509.PEMEncodedCertificateAndKey `yaml:"etcdPeer" protobuf:"2"`
	EtcdAdmin     *x509.PEMEncodedCertificateAndKey `yaml:"etcdAdmin" protobuf:"3"`
	EtcdAPIServer *x509.PEMEncodedCertificateAndKey `yaml:"etcdAPIServer" protobuf:"4"`
}

EtcdCertsSpec describes etcd certs secrets.

func (EtcdCertsSpec) DeepCopy

func (o EtcdCertsSpec) DeepCopy() EtcdCertsSpec

DeepCopy generates a deep copy of EtcdCertsSpec.

type EtcdExtension added in v1.4.0

type EtcdExtension struct{}

EtcdExtension provides auxiliary methods for Etcd.

func (EtcdExtension) ResourceDefinition added in v1.4.0

func (EtcdExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type EtcdRoot

EtcdRoot contains root (not generated) secrets.

func NewEtcdRoot

func NewEtcdRoot(id resource.ID) *EtcdRoot

NewEtcdRoot initializes a EtcdRoot resource.

type EtcdRootExtension added in v1.4.0

type EtcdRootExtension struct{}

EtcdRootExtension provides auxiliary methods for EtcdRoot.

func (EtcdRootExtension) ResourceDefinition added in v1.4.0

func (EtcdRootExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type EtcdRootSpec

type EtcdRootSpec struct {
	EtcdCA *x509.PEMEncodedCertificateAndKey `yaml:"etcdCA" protobuf:"1"`
}

EtcdRootSpec describes etcd CA secrets.

func (EtcdRootSpec) DeepCopy

func (o EtcdRootSpec) DeepCopy() EtcdRootSpec

DeepCopy generates a deep copy of EtcdRootSpec.

type Kubelet

Kubelet contains root (not generated) secrets.

func NewKubelet

func NewKubelet(id resource.ID) *Kubelet

NewKubelet initializes a Kubelet resource.

type KubeletExtension added in v1.4.0

type KubeletExtension struct{}

KubeletExtension provides auxiliary methods for Kubelet.

func (KubeletExtension) ResourceDefinition added in v1.4.0

func (KubeletExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubeletSpec

type KubeletSpec struct {
	Endpoint *url.URL `yaml:"endpoint" protobuf:"1"`

	CA *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"2"`

	BootstrapTokenID     string `yaml:"bootstrapTokenID" protobuf:"3"`
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret" protobuf:"4"`
}

KubeletSpec describes root Kubernetes secrets.

func (KubeletSpec) DeepCopy

func (o KubeletSpec) DeepCopy() KubeletSpec

DeepCopy generates a deep copy of KubeletSpec.

type Kubernetes

Kubernetes contains K8s generated secrets.

Kubernetes resource contains secrets which require reload of the control plane pods if updated.

func NewKubernetes

func NewKubernetes() *Kubernetes

NewKubernetes initializes a Kubernetes resource.

type KubernetesCertsSpec

type KubernetesCertsSpec struct {
	SchedulerKubeconfig         string `yaml:"schedulerKubeconfig" protobuf:"4"`
	ControllerManagerKubeconfig string `yaml:"controllerManagerKubeconfig" protobuf:"5"`

	// Admin-level kubeconfig with access through the localhost endpoint and cluster endpoints.
	LocalhostAdminKubeconfig string `yaml:"localhostAdminKubeconfig" protobuf:"6"`
	AdminKubeconfig          string `yaml:"adminKubeconfig" protobuf:"7"`
}

KubernetesCertsSpec describes generated Kubernetes certificates.

func (KubernetesCertsSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesCertsSpec.

type KubernetesDynamicCerts added in v1.4.2

KubernetesDynamicCerts contains K8s generated secrets.

KubernetesDynamicCerts resource contains secrets which do not require reload when updated.

func NewKubernetesDynamicCerts added in v1.4.2

func NewKubernetesDynamicCerts() *KubernetesDynamicCerts

NewKubernetesDynamicCerts initializes a KubernetesCerts resource.

type KubernetesDynamicCertsExtension added in v1.4.2

type KubernetesDynamicCertsExtension struct{}

KubernetesDynamicCertsExtension provides auxiliary methods for KubernetesCerts.

func (KubernetesDynamicCertsExtension) ResourceDefinition added in v1.4.2

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesDynamicCertsSpec added in v1.4.2

type KubernetesDynamicCertsSpec struct {
	APIServer              *x509.PEMEncodedCertificateAndKey `yaml:"apiServer" protobuf:"1"`
	APIServerKubeletClient *x509.PEMEncodedCertificateAndKey `yaml:"apiServerKubeletClient" protobuf:"2"`
	FrontProxy             *x509.PEMEncodedCertificateAndKey `yaml:"frontProxy" protobuf:"3"`
}

KubernetesDynamicCertsSpec describes generated KubernetesCerts certificates.

func (KubernetesDynamicCertsSpec) DeepCopy added in v1.4.2

DeepCopy generates a deep copy of KubernetesDynamicCertsSpec.

type KubernetesExtension added in v1.4.0

type KubernetesExtension struct{}

KubernetesExtension provides auxiliary methods for Kubernetes.

func (KubernetesExtension) ResourceDefinition added in v1.4.0

func (KubernetesExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesRoot

KubernetesRoot contains root (not generated) secrets.

func NewKubernetesRoot

func NewKubernetesRoot(id resource.ID) *KubernetesRoot

NewKubernetesRoot initializes a KubernetesRoot resource.

type KubernetesRootExtension added in v1.4.0

type KubernetesRootExtension struct{}

KubernetesRootExtension provides auxiliary methods for KubernetesRoot.

func (KubernetesRootExtension) ResourceDefinition added in v1.4.0

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesRootSpec

type KubernetesRootSpec struct {
	Name          string       `yaml:"name" protobuf:"1"`
	Endpoint      *url.URL     `yaml:"endpoint" protobuf:"2"`
	LocalEndpoint *url.URL     `yaml:"local_endpoint" protobuf:"3"`
	CertSANs      []string     `yaml:"certSANs" protobuf:"4"`
	APIServerIPs  []netip.Addr `yaml:"apiServerIPs" protobuf:"14"`
	DNSDomain     string       `yaml:"dnsDomain" protobuf:"6"`

	CA             *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"7"`
	ServiceAccount *x509.PEMEncodedKey               `yaml:"serviceAccount" protobuf:"8"`
	AggregatorCA   *x509.PEMEncodedCertificateAndKey `yaml:"aggregatorCA" protobuf:"9"`

	AESCBCEncryptionSecret string `yaml:"aesCBCEncryptionSecret" protobuf:"10"`

	BootstrapTokenID     string `yaml:"bootstrapTokenID" protobuf:"11"`
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret" protobuf:"12"`

	SecretboxEncryptionSecret string `yaml:"secretboxEncryptionSecret" protobuf:"13"`
}

KubernetesRootSpec describes root Kubernetes secrets.

func (KubernetesRootSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesRootSpec.

type MaintenanceCertsExtension added in v1.5.0

type MaintenanceCertsExtension struct{}

MaintenanceCertsExtension provides auxiliary methods for MaintenanceCerts.

func (MaintenanceCertsExtension) ResourceDefinition added in v1.5.0

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type MaintenanceRoot added in v1.5.0

MaintenanceRoot contains root secrets for the maintenance service.

func NewMaintenanceRoot added in v1.5.0

func NewMaintenanceRoot(id resource.ID) *MaintenanceRoot

NewMaintenanceRoot initializes a MaintenanceRoot resource.

type MaintenanceRootExtension added in v1.5.0

type MaintenanceRootExtension struct{}

MaintenanceRootExtension provides auxiliary methods for MaintenanceRoot.

func (MaintenanceRootExtension) ResourceDefinition added in v1.5.0

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type MaintenanceRootSpec added in v1.5.0

type MaintenanceRootSpec struct {
	CA *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"`
}

MaintenanceRootSpec describes maintenance service CA.

func (MaintenanceRootSpec) DeepCopy added in v1.5.0

DeepCopy generates a deep copy of MaintenanceRootSpec.

type MaintenanceServiceCerts added in v1.5.0

MaintenanceServiceCerts contains Maintenance Service generated secrets.

func NewMaintenanceServiceCerts added in v1.5.0

func NewMaintenanceServiceCerts() *MaintenanceServiceCerts

NewMaintenanceServiceCerts initializes an MaintenanceCerts resource.

type MaintenanceServiceCertsSpec added in v1.5.0

type MaintenanceServiceCertsSpec struct {
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"` // only cert is passed, without key
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"2"`
}

MaintenanceServiceCertsSpec describes maintenance service certs secrets.

func (MaintenanceServiceCertsSpec) DeepCopy added in v1.5.0

DeepCopy generates a deep copy of MaintenanceServiceCertsSpec.

type OSRoot

OSRoot contains root (not generated) secrets.

func NewOSRoot

func NewOSRoot(id resource.ID) *OSRoot

NewOSRoot initializes a OSRoot resource.

type OSRootExtension added in v1.4.0

type OSRootExtension struct{}

OSRootExtension provides auxiliary methods for OSRoot.

func (OSRootExtension) ResourceDefinition added in v1.4.0

func (OSRootExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type OSRootSpec

type OSRootSpec struct {
	CA              *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"`
	CertSANIPs      []netip.Addr                      `yaml:"certSANIPs" protobuf:"2"`
	CertSANDNSNames []string                          `yaml:"certSANDNSNames" protobuf:"3"`

	Token string `yaml:"token" protobuf:"4"`
}

OSRootSpec describes operating system CA.

func (OSRootSpec) DeepCopy

func (o OSRootSpec) DeepCopy() OSRootSpec

DeepCopy generates a deep copy of OSRootSpec.

type Trustd

Trustd contains trustd generated secrets.

func NewTrustd

func NewTrustd() *Trustd

NewTrustd initializes a Trustd resource.

type TrustdCertsSpec

type TrustdCertsSpec struct {
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"` // only cert is passed, without key
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"2"`
}

TrustdCertsSpec describes etcd certs secrets.

func (TrustdCertsSpec) DeepCopy

func (o TrustdCertsSpec) DeepCopy() TrustdCertsSpec

DeepCopy generates a deep copy of TrustdCertsSpec.

type TrustdExtension added in v1.4.0

type TrustdExtension struct{}

TrustdExtension provides auxiliary methods for Trustd.

func (TrustdExtension) ResourceDefinition added in v1.4.0

func (TrustdExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL