secrets

package
v0.0.0-...-ffdfc10 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2025 License: MPL-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package secrets provides resources which store secrets.

Index

Constants

const APIID = resource.ID("api")

APIID is a resource ID of singleton instance.

const APIType = resource.Type("ApiCertificates.secrets.talos.dev")

APIType is type of API resource.

const CertSANAPIID = resource.ID("api")

CertSANAPIID is a resource ID of singleton instance for the Talos API.

const CertSANKubernetesID = resource.ID("k8s")

CertSANKubernetesID is a resource ID of singleton instance for the Kubernetes API Server.

const CertSANMaintenanceID = resource.ID("maintenance")

CertSANMaintenanceID is a resource ID of singleton instance for the Talos Maintenance API.

const CertSANType = resource.Type("CertSANs.secrets.talos.dev")

CertSANType is type of CertSAN resource.

const EtcdID = resource.ID("etcd")

EtcdID is a resource ID of singleton instance.

const EtcdRootID = resource.ID("etcd")

EtcdRootID is the ID of the EtcdRoot resource.

const EtcdRootType = resource.Type("EtcdRootSecrets.secrets.talos.dev")

EtcdRootType is type of EtcdRoot secret resource.

const EtcdType = resource.Type("EtcdSecrets.secrets.talos.dev")

EtcdType is type of Etcd resource.

const KubeletID = resource.ID("kubelet")

KubeletID is the ID of KubeletType resource.

const KubeletType = resource.Type("KubeletSecrets.secrets.talos.dev")

KubeletType is type of Kubelet secret resource.

const KubernetesDynamicCertsID = resource.ID("k8s-dynamic-certs")

KubernetesDynamicCertsID is a resource ID of singleton instance.

const KubernetesDynamicCertsType = resource.Type("KubernetesDynamicCerts.secrets.talos.dev")

KubernetesDynamicCertsType is the type of the KubernetesDynamicCerts resource.

const KubernetesID = resource.ID("k8s-certs")

KubernetesID is a resource ID of singleton instance.

const KubernetesRootID = resource.ID("k8s")

KubernetesRootID is the ID of KubernetesRootType resource.

const KubernetesRootType = resource.Type("KubernetesRootSecrets.secrets.talos.dev")

KubernetesRootType is type of KubernetesRoot secret resource.

const KubernetesType = resource.Type("KubernetesSecrets.secrets.talos.dev")

KubernetesType is type of Kubernetes resource.

const MaintenanceRootID = resource.ID("maintenance")

MaintenanceRootID is the Resource ID for MaintenanceRoot.

const MaintenanceRootType = resource.Type("MaintenanceRootSecrets.secrets.talos.dev")

MaintenanceRootType is type of MaintenanceRoot secret resource.

const MaintenanceServiceCertsID = resource.ID("maintenance")

MaintenanceServiceCertsID is a resource ID of singleton instance.

const MaintenanceServiceCertsType = resource.Type("MaintenanceServiceCertificates.secrets.talos.dev")

MaintenanceServiceCertsType is type of MaintenanceCerts resource.

// NamespaceName is the resource namespace with the literal name "secrets".
//
// NOTE(review): the package documents this namespace as holding secret
// material, so read access to it should presumably be limited to trusted
// components — confirm against the API access rules, which are not shown here.
const NamespaceName resource.Namespace = "secrets"

NamespaceName is the namespace that holds the resources containing secret material.

const OSRootID = resource.ID("os")

OSRootID is the Resource ID for OSRoot.

const OSRootType = resource.Type("OSRootSecrets.secrets.talos.dev")

OSRootType is type of OSRoot secret resource.

const TrustdID = resource.ID("trustd")

TrustdID is a resource ID of singleton instance.

const TrustdType = resource.Type("TrustdCertificates.secrets.talos.dev")

TrustdType is type of Trustd resource.

Variables

This section is empty.

Functions

This section is empty.

Types

type API

API contains apid generated secrets.

func NewAPI

func NewAPI() *API

NewAPI initializes an API resource.

type APICertsSpec

// APICertsSpec holds an accepted-CA list plus client and server
// certificate/key pairs.
//
// NOTE(review): Client and Server use the certificate-and-key type, so a
// marshalled copy of this spec (YAML or protobuf) presumably contains private
// keys and should be handled as secret material. The protobuf tags are 4, 2, 3
// (1 is not used here) — presumably kept for wire compatibility; do not
// renumber without confirming.
type APICertsSpec struct {
	// AcceptedCAs is a list of certificate-only values (the element type carries no key).
	AcceptedCAs []*x509.PEMEncodedCertificate     `yaml:"acceptedCAs" protobuf:"4"`
	// Client is a PEM-encoded certificate together with its key.
	Client      *x509.PEMEncodedCertificateAndKey `yaml:"client" protobuf:"2"`
	// Server is a PEM-encoded certificate together with its key.
	Server      *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"3"`
}

APICertsSpec describes API certs secrets.

func (APICertsSpec) DeepCopy

func (o APICertsSpec) DeepCopy() APICertsSpec

DeepCopy generates a deep copy of APICertsSpec.

type APIExtension

type APIExtension struct{}

APIExtension provides auxiliary methods for API.

func (APIExtension) ResourceDefinition

func (APIExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type APIReadyCondition

type APIReadyCondition struct {
	// contains filtered or unexported fields
}

APIReadyCondition implements condition which waits for the API certs to be ready.

func NewAPIReadyCondition

func NewAPIReadyCondition(state state.State) *APIReadyCondition

NewAPIReadyCondition builds a condition which waits for the API certs to be ready.

func (*APIReadyCondition) String

func (condition *APIReadyCondition) String() string

func (*APIReadyCondition) Wait

func (condition *APIReadyCondition) Wait(ctx context.Context) error

Wait implements condition interface.

type CertSAN

CertSAN contains certificate subject alternative names.

func NewCertSAN

func NewCertSAN(namespace resource.Namespace, id resource.ID) *CertSAN

NewCertSAN initializes a CertSAN resource.

type CertSANExtension

type CertSANExtension struct{}

CertSANExtension is a resource data of CertSAN.

func (CertSANExtension) ResourceDefinition

func (CertSANExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type CertSANSpec

// CertSANSpec lists the subject alternative names for a certificate, split
// into IP addresses, DNS names and a single FQDN.
//
// NOTE(review): these values presumably end up in issued certificates, so
// anything appended here widens the set of names a certificate is valid for —
// confirm that callers only pass trusted input.
type CertSANSpec struct {
	// IPs holds the IP address SANs.
	IPs      []netip.Addr `yaml:"ips" protobuf:"1"`
	// DNSNames holds the DNS name SANs.
	DNSNames []string     `yaml:"dnsNames" protobuf:"2"`
	// FQDN is a single fully qualified domain name, stored separately from DNSNames.
	FQDN     string       `yaml:"fqdn" protobuf:"3"`
}

CertSANSpec describes fields of the cert SANs.

func (*CertSANSpec) Append

func (spec *CertSANSpec) Append(sans ...string)

Append adds a list of SANs, splitting them into IPs and DNS names.

func (*CertSANSpec) AppendDNSNames

func (spec *CertSANSpec) AppendDNSNames(dnsNames ...string)

AppendDNSNames skipping duplicates.

func (*CertSANSpec) AppendIPs

func (spec *CertSANSpec) AppendIPs(ips ...netip.Addr)

AppendIPs skipping duplicates.

func (CertSANSpec) DeepCopy

func (o CertSANSpec) DeepCopy() CertSANSpec

DeepCopy generates a deep copy of CertSANSpec.

func (*CertSANSpec) Reset

func (spec *CertSANSpec) Reset()

Reset the list of SANs.

func (*CertSANSpec) Sort

func (spec *CertSANSpec) Sort()

Sort the CertSANs.

func (*CertSANSpec) StdIPs

func (spec *CertSANSpec) StdIPs() []net.IP

StdIPs returns the IPs converted to a list of standard-library net.IP values.

type Etcd

Etcd contains etcd generated secrets.

func NewEtcd

func NewEtcd() *Etcd

NewEtcd initializes an Etcd resource.

type EtcdCertsSpec

// EtcdCertsSpec holds four etcd-related certificate/key pairs.
//
// NOTE(review): every field uses the certificate-and-key type, so a marshalled
// copy of this spec presumably contains private keys; treat it as secret
// material.
type EtcdCertsSpec struct {
	// Etcd is a certificate/key pair; presumably the etcd server identity — confirm against the issuing controller.
	Etcd          *x509.PEMEncodedCertificateAndKey `yaml:"etcd" protobuf:"1"`
	// EtcdPeer is a certificate/key pair; presumably used for peer (member-to-member) connections — confirm.
	EtcdPeer      *x509.PEMEncodedCertificateAndKey `yaml:"etcdPeer" protobuf:"2"`
	// EtcdAdmin is a certificate/key pair; presumably an administrative client identity — confirm.
	EtcdAdmin     *x509.PEMEncodedCertificateAndKey `yaml:"etcdAdmin" protobuf:"3"`
	// EtcdAPIServer is a certificate/key pair; presumably the client identity of the Kubernetes API server towards etcd — confirm.
	EtcdAPIServer *x509.PEMEncodedCertificateAndKey `yaml:"etcdAPIServer" protobuf:"4"`
}

EtcdCertsSpec describes etcd certs secrets.

func (EtcdCertsSpec) DeepCopy

func (o EtcdCertsSpec) DeepCopy() EtcdCertsSpec

DeepCopy generates a deep copy of EtcdCertsSpec.

type EtcdExtension

type EtcdExtension struct{}

EtcdExtension provides auxiliary methods for Etcd.

func (EtcdExtension) ResourceDefinition

func (EtcdExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type EtcdRoot

EtcdRoot contains root (not generated) secrets.

func NewEtcdRoot

func NewEtcdRoot(id resource.ID) *EtcdRoot

NewEtcdRoot initializes an EtcdRoot resource.

type EtcdRootExtension

type EtcdRootExtension struct{}

EtcdRootExtension provides auxiliary methods for EtcdRoot.

func (EtcdRootExtension) ResourceDefinition

func (EtcdRootExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type EtcdRootSpec

// EtcdRootSpec holds the etcd CA as a single certificate/key pair.
//
// NOTE(review): the field uses the certificate-and-key type, so it presumably
// carries the CA private key; anyone who can read it could presumably issue
// certificates trusted by etcd — confirm and restrict access accordingly.
type EtcdRootSpec struct {
	// EtcdCA is the PEM-encoded etcd CA certificate together with its key.
	EtcdCA *x509.PEMEncodedCertificateAndKey `yaml:"etcdCA" protobuf:"1"`
}

EtcdRootSpec describes etcd CA secrets.

func (EtcdRootSpec) DeepCopy

func (o EtcdRootSpec) DeepCopy() EtcdRootSpec

DeepCopy generates a deep copy of EtcdRootSpec.

type Kubelet

Kubelet contains root (not generated) secrets.

func NewKubelet

func NewKubelet(id resource.ID) *Kubelet

NewKubelet initializes a Kubelet resource.

type KubeletExtension

type KubeletExtension struct{}

KubeletExtension provides auxiliary methods for Kubelet.

func (KubeletExtension) ResourceDefinition

func (KubeletExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubeletSpec

// KubeletSpec holds an endpoint URL, a list of accepted CA certificates and a
// bootstrap token (ID plus secret).
//
// NOTE(review): BootstrapTokenSecret is a credential stored as a plain string,
// so a marshalled copy of this spec should be handled as secret material. The
// protobuf tags are 1, 5, 3, 4 (2 is not used here) — presumably kept for wire
// compatibility; do not renumber without confirming.
type KubeletSpec struct {
	// Endpoint is a URL; presumably the Kubernetes API endpoint the kubelet connects to — confirm.
	Endpoint *url.URL `yaml:"endpoint" protobuf:"1"`

	// AcceptedCAs is a list of certificate-only values (the element type carries no key).
	AcceptedCAs []*x509.PEMEncodedCertificate `yaml:"acceptedCAs" protobuf:"5"`

	// BootstrapTokenID is the identifier half of the bootstrap token.
	BootstrapTokenID     string `yaml:"bootstrapTokenID" protobuf:"3"`
	// BootstrapTokenSecret is the secret half of the bootstrap token.
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret" protobuf:"4"`
}

KubeletSpec describes root Kubernetes secrets.

func (KubeletSpec) DeepCopy

func (o KubeletSpec) DeepCopy() KubeletSpec

DeepCopy generates a deep copy of KubeletSpec.

type Kubernetes

Kubernetes contains K8s generated secrets.

Kubernetes resource contains secrets which require reload of the control plane pods if updated.

func NewKubernetes

func NewKubernetes() *Kubernetes

NewKubernetes initializes a Kubernetes resource.

type KubernetesCertsSpec

// KubernetesCertsSpec holds four kubeconfig documents as strings.
//
// NOTE(review): kubeconfigs presumably embed client credentials, and two of
// them are described as admin-level, so a marshalled copy of this spec should
// be handled as secret material — confirm what the generated kubeconfigs
// contain. The protobuf tags start at 4 (1–3 are not used here) — presumably
// kept for wire compatibility; do not renumber without confirming.
type KubernetesCertsSpec struct {
	// SchedulerKubeconfig is a kubeconfig; presumably for the scheduler — confirm.
	SchedulerKubeconfig         string `yaml:"schedulerKubeconfig" protobuf:"4"`
	// ControllerManagerKubeconfig is a kubeconfig; presumably for the controller manager — confirm.
	ControllerManagerKubeconfig string `yaml:"controllerManagerKubeconfig" protobuf:"5"`

	// Admin-level kubeconfig with access through the localhost endpoint and cluster endpoints.
	LocalhostAdminKubeconfig string `yaml:"localhostAdminKubeconfig" protobuf:"6"`
	AdminKubeconfig          string `yaml:"adminKubeconfig" protobuf:"7"`
}

KubernetesCertsSpec describes generated Kubernetes certificates.

func (KubernetesCertsSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesCertsSpec.

type KubernetesDynamicCerts

KubernetesDynamicCerts contains K8s generated secrets.

KubernetesDynamicCerts resource contains secrets which do not require reload when updated.

func NewKubernetesDynamicCerts

func NewKubernetesDynamicCerts() *KubernetesDynamicCerts

NewKubernetesDynamicCerts initializes a KubernetesDynamicCerts resource.

type KubernetesDynamicCertsExtension

type KubernetesDynamicCertsExtension struct{}

KubernetesDynamicCertsExtension provides auxiliary methods for KubernetesCerts.

func (KubernetesDynamicCertsExtension) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesDynamicCertsSpec

// KubernetesDynamicCertsSpec holds three Kubernetes certificate/key pairs.
//
// NOTE(review): every field uses the certificate-and-key type, so a marshalled
// copy of this spec presumably contains private keys; treat it as secret
// material.
type KubernetesDynamicCertsSpec struct {
	// APIServer is a certificate/key pair; presumably the API server's serving identity — confirm.
	APIServer              *x509.PEMEncodedCertificateAndKey `yaml:"apiServer" protobuf:"1"`
	// APIServerKubeletClient is a certificate/key pair; presumably the API server's client identity towards kubelets — confirm.
	APIServerKubeletClient *x509.PEMEncodedCertificateAndKey `yaml:"apiServerKubeletClient" protobuf:"2"`
	// FrontProxy is a certificate/key pair; presumably the front-proxy client identity — confirm.
	FrontProxy             *x509.PEMEncodedCertificateAndKey `yaml:"frontProxy" protobuf:"3"`
}

KubernetesDynamicCertsSpec describes generated KubernetesCerts certificates.

func (KubernetesDynamicCertsSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesDynamicCertsSpec.

type KubernetesExtension

type KubernetesExtension struct{}

KubernetesExtension provides auxiliary methods for Kubernetes.

func (KubernetesExtension) ResourceDefinition

func (KubernetesExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesRoot

KubernetesRoot contains root (not generated) secrets.

func NewKubernetesRoot

func NewKubernetesRoot(id resource.ID) *KubernetesRoot

NewKubernetesRoot initializes a KubernetesRoot resource.

type KubernetesRootExtension

type KubernetesRootExtension struct{}

KubernetesRootExtension provides auxiliary methods for KubernetesRoot.

func (KubernetesRootExtension) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type KubernetesRootSpec

// KubernetesRootSpec holds cluster identity settings together with the root
// Kubernetes secrets: CA pairs, a service account key, encryption secrets and a
// bootstrap token.
//
// NOTE(review): IssuingCA and AggregatorCA use the certificate-and-key type and
// ServiceAccount is a key type, so this spec presumably carries CA and signing
// private keys; the encryption secrets and bootstrap token secret are plain
// strings. Treat any marshalled copy as highly sensitive. The protobuf tags
// are not sequential (5 is not used here; 14 and 15 appear out of order) —
// presumably kept for wire compatibility; do not renumber without confirming.
type KubernetesRootSpec struct {
	// Name is a string; presumably the cluster name — confirm.
	Name          string       `yaml:"name" protobuf:"1"`
	// Endpoint is a URL; presumably the cluster control plane endpoint — confirm.
	Endpoint      *url.URL     `yaml:"endpoint" protobuf:"2"`
	// LocalEndpoint is a URL; note its YAML key is snake_case ("local_endpoint"), unlike the other keys.
	LocalEndpoint *url.URL     `yaml:"local_endpoint" protobuf:"3"`
	// CertSANs is a list of subject alternative names given as strings.
	CertSANs      []string     `yaml:"certSANs" protobuf:"4"`
	// APIServerIPs is a list of IP addresses; presumably added to the API server certificate — confirm.
	APIServerIPs  []netip.Addr `yaml:"apiServerIPs" protobuf:"14"`
	// DNSDomain is a string; presumably the cluster DNS domain — confirm.
	DNSDomain     string       `yaml:"dnsDomain" protobuf:"6"`

	// IssuingCA is a CA certificate together with its key.
	IssuingCA      *x509.PEMEncodedCertificateAndKey `yaml:"issuingCA" protobuf:"7"`
	// AcceptedCAs is a list of certificate-only values (the element type carries no key).
	AcceptedCAs    []*x509.PEMEncodedCertificate     `yaml:"acceptedCAs" protobuf:"15"`
	// ServiceAccount is a PEM-encoded key; presumably used to sign service account tokens — confirm.
	ServiceAccount *x509.PEMEncodedKey               `yaml:"serviceAccount" protobuf:"8"`
	// AggregatorCA is a CA certificate together with its key.
	AggregatorCA   *x509.PEMEncodedCertificateAndKey `yaml:"aggregatorCA" protobuf:"9"`

	// AESCBCEncryptionSecret is a secret string; presumably for AES-CBC encryption of Kubernetes secrets at rest — confirm.
	AESCBCEncryptionSecret string `yaml:"aesCBCEncryptionSecret" protobuf:"10"`

	// BootstrapTokenID is the identifier half of the bootstrap token.
	BootstrapTokenID     string `yaml:"bootstrapTokenID" protobuf:"11"`
	// BootstrapTokenSecret is the secret half of the bootstrap token.
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret" protobuf:"12"`

	// SecretboxEncryptionSecret is a secret string; presumably for secretbox encryption of Kubernetes secrets at rest — confirm.
	SecretboxEncryptionSecret string `yaml:"secretboxEncryptionSecret" protobuf:"13"`
}

KubernetesRootSpec describes root Kubernetes secrets.

func (KubernetesRootSpec) DeepCopy

DeepCopy generates a deep copy of KubernetesRootSpec.

type MaintenanceCertsExtension

type MaintenanceCertsExtension struct{}

MaintenanceCertsExtension provides auxiliary methods for MaintenanceCerts.

func (MaintenanceCertsExtension) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type MaintenanceRoot

MaintenanceRoot contains root secrets for the maintenance service.

func NewMaintenanceRoot

func NewMaintenanceRoot(id resource.ID) *MaintenanceRoot

NewMaintenanceRoot initializes a MaintenanceRoot resource.

type MaintenanceRootExtension

type MaintenanceRootExtension struct{}

MaintenanceRootExtension provides auxiliary methods for MaintenanceRoot.

func (MaintenanceRootExtension) ResourceDefinition

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type MaintenanceRootSpec

// MaintenanceRootSpec holds the maintenance service CA as a single
// certificate/key pair.
//
// NOTE(review): the field uses the certificate-and-key type, so it presumably
// carries the CA private key; treat a marshalled copy as secret material.
type MaintenanceRootSpec struct {
	// CA is the PEM-encoded maintenance service CA certificate together with its key.
	CA *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"`
}

MaintenanceRootSpec describes maintenance service CA.

func (MaintenanceRootSpec) DeepCopy

DeepCopy generates a deep copy of MaintenanceRootSpec.

type MaintenanceServiceCerts

MaintenanceServiceCerts contains Maintenance Service generated secrets.

func NewMaintenanceServiceCerts

func NewMaintenanceServiceCerts() *MaintenanceServiceCerts

NewMaintenanceServiceCerts initializes a MaintenanceServiceCerts resource.

type MaintenanceServiceCertsSpec

// MaintenanceServiceCertsSpec holds the maintenance service CA certificate and
// the server certificate/key pair.
//
// NOTE(review): Server presumably carries a private key, so a marshalled copy
// of this spec should be handled as secret material.
type MaintenanceServiceCertsSpec struct {
	// NOTE(review): the field type can hold a key, so "cert only" is a convention
	// of whoever populates this field, not something the type enforces — confirm
	// the producer never copies the CA key here.
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca" protobuf:"1"` // only cert is passed, without key
	// Server is a PEM-encoded certificate together with its key.
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"2"`
}

MaintenanceServiceCertsSpec describes maintenance service certs secrets.

func (MaintenanceServiceCertsSpec) DeepCopy

DeepCopy generates a deep copy of MaintenanceServiceCertsSpec.

type OSRoot

OSRoot contains root (not generated) secrets.

func NewOSRoot

func NewOSRoot(id resource.ID) *OSRoot

NewOSRoot initializes an OSRoot resource.

type OSRootExtension

type OSRootExtension struct{}

OSRootExtension provides auxiliary methods for OSRoot.

func (OSRootExtension) ResourceDefinition

func (OSRootExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.

type OSRootSpec

// OSRootSpec holds the operating system CA material: the issuing CA pair,
// accepted CA certificates, certificate SANs and a token.
//
// NOTE(review): IssuingCA uses the certificate-and-key type, so it presumably
// carries the CA private key, and Token is a plain string credential; treat any
// marshalled copy as secret material. The protobuf tags are 1, 5, 2, 3, 4 —
// presumably kept for wire compatibility; do not renumber without confirming.
type OSRootSpec struct {
	// IssuingCA is a CA certificate together with its key.
	IssuingCA       *x509.PEMEncodedCertificateAndKey `yaml:"issuingCA" protobuf:"1"`
	// AcceptedCAs is a list of certificate-only values (the element type carries no key).
	AcceptedCAs     []*x509.PEMEncodedCertificate     `yaml:"acceptedCAs" protobuf:"5"`
	// CertSANIPs holds the IP address SANs.
	CertSANIPs      []netip.Addr                      `yaml:"certSANIPs" protobuf:"2"`
	// CertSANDNSNames holds the DNS name SANs.
	CertSANDNSNames []string                          `yaml:"certSANDNSNames" protobuf:"3"`

	// Token is a string; presumably a shared join/trust token — confirm its use against the consumers.
	Token string `yaml:"token" protobuf:"4"`
}

OSRootSpec describes operating system CA.

func (OSRootSpec) DeepCopy

func (o OSRootSpec) DeepCopy() OSRootSpec

DeepCopy generates a deep copy of OSRootSpec.

type Trustd

Trustd contains trustd generated secrets.

func NewTrustd

func NewTrustd() *Trustd

NewTrustd initializes a Trustd resource.

type TrustdCertsSpec

// TrustdCertsSpec holds an accepted-CA list plus a server certificate/key pair.
//
// NOTE(review): Server uses the certificate-and-key type, so a marshalled copy
// of this spec presumably contains a private key and should be handled as
// secret material. The protobuf tags are 3 and 2 (1 is not used here) —
// presumably kept for wire compatibility; do not renumber without confirming.
type TrustdCertsSpec struct {
	// AcceptedCAs is a list of certificate-only values (the element type carries no key).
	AcceptedCAs []*x509.PEMEncodedCertificate     `yaml:"acceptedCAs" protobuf:"3"`
	// Server is a PEM-encoded certificate together with its key.
	Server      *x509.PEMEncodedCertificateAndKey `yaml:"server" protobuf:"2"`
}

TrustdCertsSpec describes trustd certs secrets.

func (TrustdCertsSpec) DeepCopy

func (o TrustdCertsSpec) DeepCopy() TrustdCertsSpec

DeepCopy generates a deep copy of TrustdCertsSpec.

type TrustdExtension

type TrustdExtension struct{}

TrustdExtension provides auxiliary methods for Trustd.

func (TrustdExtension) ResourceDefinition

func (TrustdExtension) ResourceDefinition() meta.ResourceDefinitionSpec

ResourceDefinition implements meta.ResourceDefinitionProvider interface.
