Overview ¶
Package secrets provides resources which store secrets.
Index ¶
- Constants
- type API
- type APICertsSpec
- type APIRD
- type APIReadyCondition
- type CertSAN
- type CertSANRD
- type CertSANSpec
- func (spec *CertSANSpec) Append(sans ...string)
- func (spec *CertSANSpec) AppendDNSNames(dnsNames ...string)
- func (spec *CertSANSpec) AppendIPs(ips ...netaddr.IP)
- func (spec *CertSANSpec) AppendStdIPs(ips ...net.IP)
- func (o CertSANSpec) DeepCopy() CertSANSpec
- func (spec *CertSANSpec) Reset()
- func (spec *CertSANSpec) Sort()
- func (spec *CertSANSpec) StdIPs() []net.IP
- type Etcd
- type EtcdCertsSpec
- type EtcdRD
- type EtcdRoot
- type EtcdRootRD
- type EtcdRootSpec
- type Kubelet
- type KubeletRD
- type KubeletSpec
- type Kubernetes
- type KubernetesCertsSpec
- type KubernetesRD
- type KubernetesRoot
- type KubernetesRootRD
- type KubernetesRootSpec
- type OSRoot
- type OSRootRD
- type OSRootSpec
Constants ¶
const APIID = resource.ID("api")
APIID is a resource ID of singleton instance.
const APIType = resource.Type("ApiCertificates.secrets.talos.dev")
APIType is type of API resource.
const CertSANAPIID = resource.ID("api")
CertSANAPIID is a resource ID of singleton instance for the Talos API.
const CertSANKubernetesID = resource.ID("k8s")
CertSANKubernetesID is a resource ID of singleton instance for the Kubernetes API Server.
const CertSANType = resource.Type("CertSANs.secrets.talos.dev")
CertSANType is type of CertSAN resource.
const EtcdID = resource.ID("etcd")
EtcdID is a resource ID of singleton instance.
const EtcdRootID = resource.ID("etcd")
EtcdRootID is the ID of EtcdRoot.
const EtcdRootType = resource.Type("EtcdRootSecrets.secrets.talos.dev")
EtcdRootType is type of EtcdRoot secret resource.
const EtcdType = resource.Type("EtcdSecrets.secrets.talos.dev")
EtcdType is type of Etcd resource.
const KubeletID = resource.ID("kubelet")
KubeletID is the ID of KubeletType resource.
const KubeletType = resource.Type("KubeletSecrets.secrets.talos.dev")
KubeletType is type of Kubelet secret resource.
const KubernetesID = resource.ID("k8s-certs")
KubernetesID is a resource ID of singleton instance.
const KubernetesRootID = resource.ID("k8s")
KubernetesRootID is the ID of KubernetesRootType resource.
const KubernetesRootType = resource.Type("KubernetesRootSecrets.secrets.talos.dev")
KubernetesRootType is type of KubernetesRoot secret resource.
const KubernetesType = resource.Type("KubernetesSecrets.secrets.talos.dev")
KubernetesType is type of Kubernetes resource.
const NamespaceName resource.Namespace = "secrets"
NamespaceName is the namespace that holds resources containing secret material.
const OSRootID = resource.ID("os")
OSRootID is the Resource ID for OSRoot.
const OSRootType = resource.Type("OSRootSecrets.secrets.talos.dev")
OSRootType is type of OSRoot secret resource.
Types ¶
type APICertsSpec ¶
// APICertsSpec holds the CA, client and server entries of the API certificates
// resource, each typed as a PEM-encoded certificate/key pair.
//
// NOTE(review): every field has a yaml tag, so a marshalled spec presumably
// includes whatever key material the entries carry; confirm that dumps of this
// resource are access-controlled and kept out of logs.
type APICertsSpec struct {
	CA     *x509.PEMEncodedCertificateAndKey `yaml:"ca"` // only cert is passed, without key
	Client *x509.PEMEncodedCertificateAndKey `yaml:"client"`
	Server *x509.PEMEncodedCertificateAndKey `yaml:"server"`
}
APICertsSpec describes API certs secrets.
func (APICertsSpec) DeepCopy ¶ added in v1.1.0
func (o APICertsSpec) DeepCopy() APICertsSpec
DeepCopy generates a deep copy of APICertsSpec.
func (APICertsSpec) MarshalProto ¶
func (spec APICertsSpec) MarshalProto() ([]byte, error)
MarshalProto implements ProtoMarshaler.
func (*APICertsSpec) UnmarshalProto ¶ added in v1.1.0
func (spec *APICertsSpec) UnmarshalProto(protoBytes []byte) error
UnmarshalProto implements protobuf.ResourceUnmarshaler.
type APIRD ¶ added in v1.1.0
type APIRD struct{}
APIRD provides auxiliary methods for API.
func (APIRD) ResourceDefinition ¶ added in v1.1.0
func (APIRD) ResourceDefinition(resource.Metadata, APICertsSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type APIReadyCondition ¶
type APIReadyCondition struct {
// contains filtered or unexported fields
}
APIReadyCondition implements condition which waits for the API certs to be ready.
func NewAPIReadyCondition ¶
func NewAPIReadyCondition(state state.State) *APIReadyCondition
NewAPIReadyCondition builds a condition which waits for the API certs to be ready.
func (*APIReadyCondition) String ¶
func (condition *APIReadyCondition) String() string
type CertSAN ¶
type CertSAN = typed.Resource[CertSANSpec, CertSANRD]
CertSAN contains certificate subject alternative names.
type CertSANRD ¶ added in v1.1.0
type CertSANRD struct{}
CertSANRD is a resource data of CertSAN.
func (CertSANRD) ResourceDefinition ¶ added in v1.1.0
func (CertSANRD) ResourceDefinition(resource.Metadata, CertSANSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type CertSANSpec ¶
// CertSANSpec lists the subject alternative names (SANs) for a certificate,
// split into IP addresses and DNS names.
//
// NOTE(review): these values decide which names and addresses a certificate is
// valid for, so they should presumably come only from trusted configuration;
// verify against the callers that populate this spec.
type CertSANSpec struct {
	// IPs are the IP address SANs.
	IPs []netaddr.IP `yaml:"ips"`
	// DNSNames are the DNS name SANs.
	DNSNames []string `yaml:"dnsNames"`
	// FQDN is a single fully qualified domain name; presumably the node's own
	// name, TODO confirm how it relates to DNSNames.
	FQDN string `yaml:"fqdn"`
}
CertSANSpec describes fields of the cert SANs.
func (*CertSANSpec) Append ¶
func (spec *CertSANSpec) Append(sans ...string)
Append list of SANs splitting into IPs/DNS names.
func (*CertSANSpec) AppendDNSNames ¶
func (spec *CertSANSpec) AppendDNSNames(dnsNames ...string)
AppendDNSNames skipping duplicates.
func (*CertSANSpec) AppendIPs ¶
func (spec *CertSANSpec) AppendIPs(ips ...netaddr.IP)
AppendIPs skipping duplicates.
func (*CertSANSpec) AppendStdIPs ¶
func (spec *CertSANSpec) AppendStdIPs(ips ...net.IP)
AppendStdIPs is the same as AppendIPs, but for net.IP.
func (CertSANSpec) DeepCopy ¶ added in v1.1.0
func (o CertSANSpec) DeepCopy() CertSANSpec
DeepCopy generates a deep copy of CertSANSpec.
func (*CertSANSpec) Reset ¶ added in v1.0.5
func (spec *CertSANSpec) Reset()
Reset the list of SANs.
func (*CertSANSpec) StdIPs ¶
func (spec *CertSANSpec) StdIPs() []net.IP
StdIPs returns the list of IPs converted to net.IP.
type EtcdCertsSpec ¶
// EtcdCertsSpec holds four etcd-related entries, each typed as a PEM-encoded
// certificate/key pair.
//
// NOTE(review): the field names suggest server, peer, admin-client and
// API-server-client roles; confirm against the code that issues them. The
// pair type presumably carries private keys, so treat a marshalled spec as
// secret material.
type EtcdCertsSpec struct {
	Etcd          *x509.PEMEncodedCertificateAndKey `yaml:"etcd"`
	EtcdPeer      *x509.PEMEncodedCertificateAndKey `yaml:"etcdPeer"`
	EtcdAdmin     *x509.PEMEncodedCertificateAndKey `yaml:"etcdAdmin"`
	EtcdAPIServer *x509.PEMEncodedCertificateAndKey `yaml:"etcdAPIServer"`
}
EtcdCertsSpec describes etcd certs secrets.
func (EtcdCertsSpec) DeepCopy ¶ added in v1.1.0
func (o EtcdCertsSpec) DeepCopy() EtcdCertsSpec
DeepCopy generates a deep copy of EtcdCertsSpec.
type EtcdRD ¶ added in v1.1.0
type EtcdRD struct{}
EtcdRD provides auxiliary methods for Etcd.
func (EtcdRD) ResourceDefinition ¶ added in v1.1.0
func (EtcdRD) ResourceDefinition(resource.Metadata, EtcdCertsSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type EtcdRoot ¶
type EtcdRoot = typed.Resource[EtcdRootSpec, EtcdRootRD]
EtcdRoot contains root (not generated) secrets.
func NewEtcdRoot ¶
NewEtcdRoot initializes a EtcdRoot resource.
type EtcdRootRD ¶ added in v1.1.0
type EtcdRootRD struct{}
EtcdRootRD provides auxiliary methods for EtcdRoot.
func (EtcdRootRD) ResourceDefinition ¶ added in v1.1.0
func (EtcdRootRD) ResourceDefinition(resource.Metadata, EtcdRootSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type EtcdRootSpec ¶
// EtcdRootSpec holds the etcd CA as a PEM-encoded certificate/key pair.
//
// NOTE(review): a CA entry of this type presumably includes the CA private
// key, which can sign certificates for any etcd role; confirm that access to
// this resource is limited to the component that issues etcd certificates.
type EtcdRootSpec struct {
	EtcdCA *x509.PEMEncodedCertificateAndKey `yaml:"etcdCA"`
}
EtcdRootSpec describes etcd CA secrets.
func (EtcdRootSpec) DeepCopy ¶ added in v1.1.0
func (o EtcdRootSpec) DeepCopy() EtcdRootSpec
DeepCopy generates a deep copy of EtcdRootSpec.
type Kubelet ¶
type Kubelet = typed.Resource[KubeletSpec, KubeletRD]
Kubelet contains root (not generated) secrets.
func NewKubelet ¶
NewKubelet initializes a Kubelet resource.
type KubeletRD ¶ added in v1.1.0
type KubeletRD struct{}
KubeletRD provides auxiliary methods for Kubelet.
func (KubeletRD) ResourceDefinition ¶ added in v1.1.0
func (KubeletRD) ResourceDefinition(resource.Metadata, KubeletSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type KubeletSpec ¶
// KubeletSpec holds the endpoint, CA entry and bootstrap token kept in the
// Kubelet secrets resource.
type KubeletSpec struct {
	// Endpoint is a URL; presumably the Kubernetes API endpoint the kubelet
	// connects to, TODO confirm.
	Endpoint *url.URL `yaml:"endpoint"`
	// CA is typed as a certificate/key pair.
	// NOTE(review): a kubelet presumably needs only the CA certificate to
	// verify its peer; confirm the key half is left empty here.
	CA *x509.PEMEncodedCertificateAndKey `yaml:"ca"`
	// BootstrapTokenID and BootstrapTokenSecret are plain strings that together
	// look like a bootstrap token credential; treat the secret half as
	// sensitive wherever this spec is marshalled.
	BootstrapTokenID     string `yaml:"bootstrapTokenID"`
	BootstrapTokenSecret string `yaml:"bootstrapTokenSecret"`
}
KubeletSpec describes root Kubernetes secrets.
func (KubeletSpec) DeepCopy ¶ added in v1.1.0
func (o KubeletSpec) DeepCopy() KubeletSpec
DeepCopy generates a deep copy of KubeletSpec.
type Kubernetes ¶
type Kubernetes = typed.Resource[KubernetesCertsSpec, KubernetesRD]
Kubernetes contains K8s generated secrets.
func NewKubernetes ¶
func NewKubernetes() *Kubernetes
NewKubernetes initializes a Kubernetes resource.
type KubernetesCertsSpec ¶
// KubernetesCertsSpec holds the generated Kubernetes certificate entries and
// kubeconfigs.
//
// NOTE(review): the kubeconfigs are plain strings and presumably embed client
// credentials; confirm that marshalled copies of this spec are handled as
// secret material.
type KubernetesCertsSpec struct {
	// Entries typed as PEM-encoded certificate/key pairs.
	APIServer              *x509.PEMEncodedCertificateAndKey `yaml:"apiServer"`
	APIServerKubeletClient *x509.PEMEncodedCertificateAndKey `yaml:"apiServerKubeletClient"`
	FrontProxy             *x509.PEMEncodedCertificateAndKey `yaml:"frontProxy"`

	// Kubeconfigs for the scheduler and the controller manager, as strings.
	SchedulerKubeconfig         string `yaml:"schedulerKubeconfig"`
	ControllerManagerKubeconfig string `yaml:"controllerManagerKubeconfig"`

	// Admin-level kubeconfig with access through the localhost endpoint and cluster endpoints.
	LocalhostAdminKubeconfig string `yaml:"localhostAdminKubeconfig"`
	AdminKubeconfig          string `yaml:"adminKubeconfig"`
}
KubernetesCertsSpec describes generated Kubernetes certificates.
func (KubernetesCertsSpec) DeepCopy ¶ added in v1.1.0
func (o KubernetesCertsSpec) DeepCopy() KubernetesCertsSpec
DeepCopy generates a deep copy of KubernetesCertsSpec.
type KubernetesRD ¶ added in v1.1.0
type KubernetesRD struct{}
KubernetesRD provides auxiliary methods for Kubernetes.
func (KubernetesRD) ResourceDefinition ¶ added in v1.1.0
func (KubernetesRD) ResourceDefinition(resource.Metadata, KubernetesCertsSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type KubernetesRoot ¶
type KubernetesRoot = typed.Resource[KubernetesRootSpec, KubernetesRootRD]
KubernetesRoot contains root (not generated) secrets.
func NewKubernetesRoot ¶
func NewKubernetesRoot(id resource.ID) *KubernetesRoot
NewKubernetesRoot initializes a KubernetesRoot resource.
type KubernetesRootRD ¶ added in v1.1.0
type KubernetesRootRD struct{}
KubernetesRootRD provides auxiliary methods for KubernetesRoot.
func (KubernetesRootRD) ResourceDefinition ¶ added in v1.1.0
func (KubernetesRootRD) ResourceDefinition(resource.Metadata, KubernetesRootSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type KubernetesRootSpec ¶
// KubernetesRootSpec holds the root Kubernetes settings and secrets: cluster
// naming and endpoint data, CA entries, the service account key, an
// encryption secret and a bootstrap token.
type KubernetesRootSpec struct {
	// Cluster identity and addressing data.
	Name         string   `yaml:"name"`
	Endpoint     *url.URL `yaml:"endpoint"`
	CertSANs     []string `yaml:"certSANs"`
	APIServerIPs []net.IP `yaml:"apiServerIPs"`
	DNSDomain    string   `yaml:"dnsDomain"`

	// CA entries and the service account key, typed as PEM-encoded material.
	// NOTE(review): these presumably include private keys able to sign cluster
	// certificates and service account tokens; confirm who can read them.
	CA             *x509.PEMEncodedCertificateAndKey `yaml:"ca"`
	ServiceAccount *x509.PEMEncodedKey               `yaml:"serviceAccount"`
	AggregatorCA   *x509.PEMEncodedCertificateAndKey `yaml:"aggregatorCA"`

	// Secrets held as plain strings.
	// NOTE(review): AESCBCEncryptionSecret looks like the key for AES-CBC
	// encryption of Kubernetes data at rest; TODO confirm its encoding and
	// where it is consumed.
	AESCBCEncryptionSecret string `yaml:"aesCBCEncryptionSecret"`
	BootstrapTokenID       string `yaml:"bootstrapTokenID"`
	BootstrapTokenSecret   string `yaml:"bootstrapTokenSecret"`
}
KubernetesRootSpec describes root Kubernetes secrets.
func (KubernetesRootSpec) DeepCopy ¶ added in v1.1.0
func (o KubernetesRootSpec) DeepCopy() KubernetesRootSpec
DeepCopy generates a deep copy of KubernetesRootSpec.
type OSRoot ¶
type OSRoot = typed.Resource[OSRootSpec, OSRootRD]
OSRoot contains root (not generated) secrets.
type OSRootRD ¶ added in v1.1.0
type OSRootRD struct{}
OSRootRD provides auxiliary methods for OSRoot.
func (OSRootRD) ResourceDefinition ¶ added in v1.1.0
func (OSRootRD) ResourceDefinition(resource.Metadata, OSRootSpec) meta.ResourceDefinitionSpec
ResourceDefinition implements meta.ResourceDefinitionProvider interface.
type OSRootSpec ¶
// OSRootSpec holds the operating system CA entry, the SANs for certificates
// issued under it, and a token.
type OSRootSpec struct {
	// CA is typed as a PEM-encoded certificate/key pair.
	// NOTE(review): presumably includes the CA private key; confirm that only
	// the certificate-issuing component reads it.
	CA *x509.PEMEncodedCertificateAndKey `yaml:"ca"`
	// CertSANIPs are IP address SANs.
	CertSANIPs []netaddr.IP `yaml:"certSANIPs"`
	// CertSANDNSNames are DNS name SANs.
	CertSANDNSNames []string `yaml:"certSANDNSNames"`
	// Token is a plain string; presumably a shared join/trust token, TODO
	// confirm, and treat it as a credential when this spec is marshalled.
	Token string `yaml:"token"`
}
OSRootSpec describes operating system CA.
func (OSRootSpec) DeepCopy ¶ added in v1.1.0
func (o OSRootSpec) DeepCopy() OSRootSpec
DeepCopy generates a deep copy of OSRootSpec.