Documentation ¶
Index ¶
- Constants
- func AESDecrypt(data, key []byte) ([]byte, error)
- func APIServerNSCreatorGetter() (string, reconciling.NamespaceCreator)
- func APIServicecreatorGetterFactory(clusterNS string) reconciling.NamedServiceCreatorGetter
- func CloudCredentialOperatorNSGetter() (string, reconciling.NamespaceCreator)
- func CloudCredentialSecretCreator(templateSecret corev1.Secret) reconciling.NamedSecretCreatorGetter
- func ClusterVersionCreatorGetter(clusterNamespaceName string) reconciling.NamedUnstructuredCreatorGetter
- func ConsoleOAuthClientCreator(consoleCallbackURI string) reconciling.NamedUnstructuredCreatorGetter
- func ControllerManagerNSCreatorGetter() (string, reconciling.NamespaceCreator)
- func ControlplaneConfigCreator(platformName string) reconciling.NamedConfigMapCreatorGetter
- func GetAPIServicesForOpenshiftVersion(openshiftVersion string, caBundle []byte) ([]reconciling.NamedAPIServiceCreatorGetter, error)
- func GetOAuthEncryptionKey(ctx context.Context, seedClient ctrlruntimeclient.Client, seedNamespace string) ([]byte, error)
- func InfrastructureCreatorGetter(platform string) reconciling.NamedUnstructuredCreatorGetter
- func KubeSchedulerNSCreatorGetter() (string, reconciling.NamespaceCreator)
- func KubeSchedulerRoleBindingCreatorGetter() (string, reconciling.RoleBindingCreator)
- func KubeSchedulerRoleCreatorGetter() (string, reconciling.RoleCreator)
- func NetworkOperatorNSGetter() (string, reconciling.NamespaceCreator)
- func OAuthBootstrapPasswordCreatorGetter(seedClient ctrlruntimeclient.Client, seedNamespace string) reconciling.NamedSecretCreatorGetter
- func RegistryNSGetter() (string, reconciling.NamespaceCreator)
- func RegistryServingCert(caCert *triple.KeyPair) reconciling.NamedSecretCreatorGetter
- func TokenOwnerServiceAccount() (string, reconciling.ServiceAccountCreator)
- func TokenOwnerServiceAccountClusterRoleBinding() (string, reconciling.ClusterRoleBindingCreator)
Constants ¶
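const (
	// OAuthBootstrapSecretName is presumably the name of the secret that holds
	// the OAuth bootstrap password; confirm against
	// OAuthBootstrapPasswordCreatorGetter.
	OAuthBootstrapSecretName = "kubeadmin"
	// OAuthBootstrapEncryptedkeyName is presumably the data key under which the
	// AES-encrypted copy of that password is stored; confirm against
	// OAuthBootstrapPasswordCreatorGetter and AESDecrypt callers.
	OAuthBootstrapEncryptedkeyName = "encrypted"
)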
const ConsoleOAuthClientName = "console"
ConsoleOAuthClientName is the name of the OAuthClient object created for the openshift console
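const (
	// TokenOwnerServiceAccountName is the name of the ServiceAccount used to back the
	// admin kubeconfig our API hands out.
	//
	// TokenOwnerServiceAccountClusterRoleBinding is documented as giving this
	// ServiceAccount admin powers, so its token should be handled as a
	// cluster-admin credential.
	TokenOwnerServiceAccountName = "cluster-admin"
)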
Variables ¶
This section is empty.
Functions ¶
func AESDecrypt ¶
func APIServerNSCreatorGetter ¶
func APIServerNSCreatorGetter() (string, reconciling.NamespaceCreator)
func APIServicecreatorGetterFactory ¶
func APIServicecreatorGetterFactory(clusterNS string) reconciling.NamedServiceCreatorGetter
func CloudCredentialOperatorNSGetter ¶
func CloudCredentialOperatorNSGetter() (string, reconciling.NamespaceCreator)
CloudCredentialOperatorNSGetter creates the namespace in which all credentialsrequests end up
func CloudCredentialSecretCreator ¶
func CloudCredentialSecretCreator(templateSecret corev1.Secret) reconciling.NamedSecretCreatorGetter
func ClusterVersionCreatorGetter ¶
func ClusterVersionCreatorGetter(clusterNamespaceName string) reconciling.NamedUnstructuredCreatorGetter
ClusterVersionCreatorGetter returns the ClusterVersionCreator
func ConsoleOAuthClientCreator ¶
func ConsoleOAuthClientCreator(consoleCallbackURI string) reconciling.NamedUnstructuredCreatorGetter
func ControllerManagerNSCreatorGetter ¶
func ControllerManagerNSCreatorGetter() (string, reconciling.NamespaceCreator)
func ControlplaneConfigCreator ¶
func ControlplaneConfigCreator(platformName string) reconciling.NamedConfigMapCreatorGetter
func GetAPIServicesForOpenshiftVersion ¶
func GetAPIServicesForOpenshiftVersion(openshiftVersion string, caBundle []byte) ([]reconciling.NamedAPIServiceCreatorGetter, error)
GetAPIServicesForOpenshiftVersion returns all the NamedAPIServiceCreatorGetters for the given Openshift version or an error
func GetOAuthEncryptionKey ¶
func GetOAuthEncryptionKey(ctx context.Context, seedClient ctrlruntimeclient.Client, seedNamespace string) ([]byte, error)
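GetOAuthEncryptionKey fetches the key used to encrypt the OAuthBootstrapPassword in the usercluster. We simply use the UID of the CA secret, as it should be very hard to guess. The UID is object metadata rather than secret data, so this holds only as long as read access to that secret object is restricted.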
func InfrastructureCreatorGetter ¶
func InfrastructureCreatorGetter(platform string) reconciling.NamedUnstructuredCreatorGetter
InfrastructureCreatorGetter returns the Infrastructure object. It is needed by the cloud-credential-operator.
func KubeSchedulerNSCreatorGetter ¶
func KubeSchedulerNSCreatorGetter() (string, reconciling.NamespaceCreator)
func KubeSchedulerRoleBindingCreatorGetter ¶
func KubeSchedulerRoleBindingCreatorGetter() (string, reconciling.RoleBindingCreator)
func KubeSchedulerRoleCreatorGetter ¶
func KubeSchedulerRoleCreatorGetter() (string, reconciling.RoleCreator)
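KubeSystemRoleCreator returns the func to create/update the Role for the machine controller to allow reading secrets. (This comment names KubeSystemRoleCreator and the machine controller rather than KubeSchedulerRoleCreatorGetter, so it appears to have been copied from another creator; verify which subject and which permissions this Role actually grants.)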
func NetworkOperatorNSGetter ¶
func NetworkOperatorNSGetter() (string, reconciling.NamespaceCreator)
The network-operator runs in the seed but still creates some objects in this namespace.
func OAuthBootstrapPasswordCreatorGetter ¶
func OAuthBootstrapPasswordCreatorGetter(seedClient ctrlruntimeclient.Client, seedNamespace string) reconciling.NamedSecretCreatorGetter
OAuthBootstrapPassword is the password we use to authenticate the dashboard against the OAuth service. It must be created in the kube-system namespace. We also have to transport its raw value into the seed, because it is used by the Openshift Console endpoint to authenticate against the oauth service. To not expose the raw value to the user, we AES encrypt it using the admin token as key (Anyone with that token may do everything in the seed anyways). Note that GetOAuthEncryptionKey describes the key as the UID of the CA secret instead; whichever value is used, the encrypted copy is only as protected as that key.
func RegistryNSGetter ¶
func RegistryNSGetter() (string, reconciling.NamespaceCreator)
RegistryNSGetter is used to create the namespace in which the registry operator creates the registry
func RegistryServingCert ¶
func RegistryServingCert(caCert *triple.KeyPair) reconciling.NamedSecretCreatorGetter
func TokenOwnerServiceAccount ¶
func TokenOwnerServiceAccount() (string, reconciling.ServiceAccountCreator)
TokenOwnerServiceAccount is the ServiceAccount that owns the secret which we put onto the kubeconfig that is in the seed
func TokenOwnerServiceAccountClusterRoleBinding ¶
func TokenOwnerServiceAccountClusterRoleBinding() (string, reconciling.ClusterRoleBindingCreator)
TokenOwnerServiceAccountClusterRoleBinding is the clusterrolebinding that gives the TokenOwnerServiceAccount admin powers
Types ¶
This section is empty.