render

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 8, 2020 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	APIServerNamespace      = "tigera-system"
	APIServerTLSSecretName  = "tigera-apiserver-certs"
	APIServerSecretKeyName  = "apiserver.key"
	APIServerSecretCertName = "apiserver.crt"
)
View Source 
const (
	ElasticsearchUserComplianceBenchmarker = "tigera-ee-compliance-benchmarker"
	ElasticsearchUserComplianceController  = "tigera-ee-compliance-controller"
	ElasticsearchUserComplianceReporter    = "tigera-ee-compliance-reporter"
	ElasticsearchUserComplianceSnapshotter = "tigera-ee-compliance-snapshotter"
	ElasticsearchUserComplianceServer      = "tigera-ee-compliance-server"
	ElasticsearchUserCurator               = "tigera-ee-curator"
)
View Source 
const (
	CNICalico = "calico"
	CNINone   = "none"
)
View Source 
const (
	ECKOperatorName      = "elastic-operator"
	ECKOperatorNamespace = "tigera-eck-operator"
	ECKWebhookSecretName = "webhook-server-secret"

	ElasticsearchStorageClass  = "tigera-elasticsearch"
	ElasticsearchNamespace     = "tigera-elasticsearch"
	ElasticsearchHTTPURL       = "tigera-secure-es-http.tigera-elasticsearch.svc"
	ElasticsearchHTTPSEndpoint = "https://tigera-secure-es-http.tigera-elasticsearch.svc:9200"
	ElasticsearchName          = "tigera-secure"

	KibanaHTTPURL          = "tigera-secure-kb-http.tigera-kibana.svc"
	KibanaHTTPSEndpoint    = "https://tigera-secure-kb-http.tigera-kibana.svc:5601"
	KibanaName             = "tigera-secure"
	KibanaNamespace        = "tigera-kibana"
	KibanaPublicCertSecret = "tigera-secure-kb-http-certs-public"
	TigeraKibanaCertSecret = "tigera-secure-kibana-cert"
	KibanaDefaultCertPath  = "/etc/ssl/kibana/ca.pem"
	KibanaBasePath         = "tigera-kibana"
)
View Source 
const (
	ElasticsearchDefaultCertDir   = "/etc/ssl/elastic/"
	ElasticsearchDefaultCertPath  = ElasticsearchDefaultCertDir + "ca.pem"
	TigeraElasticsearchCertSecret = "tigera-secure-elasticsearch-cert"
	ElasticsearchPublicCertSecret = "tigera-secure-es-http-certs-public"
)
View Source 
const (
	LogCollectorNamespace      = "tigera-fluentd"
	FluentdFilterConfigMapName = "fluentd-filters"
	FluentdFilterFlowName      = "flow"
	FluentdFilterDNSName       = "dns"
	S3FluentdSecretName        = "log-collector-s3-credentials"
	S3KeyIdName                = "key-id"
	S3KeySecretName            = "key-secret"

	ElasticsearchUserLogCollector    = "tigera-fluentd"
	ElasticsearchUserEksLogForwarder = "tigera-eks-log-forwarder"
	EksLogForwarderSecret            = "tigera-eks-log-forwarder-secret"
	EksLogForwarderAwsId             = "aws-id"
	EksLogForwarderAwsKey            = "aws-key"
)
View Source 
const (
	CalicoRegistry = "docker.io/"
	TigeraRegistry = "quay.io/"
	K8sGcrRegistry = "gcr.io/"
	ECKRegistry    = "docker.elastic.co/"
)

Default registries for Calico and Tigera.

View Source 
const (
	NodeImageNameCalico            = "calico/node:" + components.VersionCalicoNode
	CNIImageName                   = "calico/cni:" + components.VersionCalicoCNI
	TyphaImageNameCalico           = "calico/typha:" + components.VersionCalicoTypha
	KubeControllersImageNameCalico = "calico/kube-controllers:" + components.VersionCalicoKubeControllers
	FlexVolumeImageName            = "calico/pod2daemon-flexvol:" + components.VersionFlexVolume
)

This section contains images used when installing open-source Calico.

View Source 
const (
	// Overrides for Calico.
	NodeImageNameTigera            = "tigera/cnx-node:" + components.VersionTigeraNode
	TyphaImageNameTigera           = "tigera/typha:" + components.VersionTigeraTypha
	KubeControllersImageNameTigera = "tigera/kube-controllers:" + components.VersionTigeraKubeControllers

	// API server images.
	APIServerImageName   = "tigera/cnx-apiserver:" + components.VersionAPIServer
	QueryServerImageName = "tigera/cnx-queryserver:" + components.VersionQueryServer

	// Logging
	FluentdImageName = "tigera/fluentd:" + components.VersionFluentd

	// Compliance images.
	ComplianceControllerImage  = "tigera/compliance-controller:" + components.VersionComplianceController
	ComplianceReporterImage    = "tigera/compliance-reporter:" + components.VersionComplianceReporter
	ComplianceServerImage      = "tigera/compliance-server:" + components.VersionComplianceServer
	ComplianceSnapshotterImage = "tigera/compliance-snapshotter:" + components.VersionComplianceSnapshotter
	ComplianceBenchmarkerImage = "tigera/compliance-benchmarker:" + components.VersionComplianceBenchmarker

	// Intrusion detection images.
	IntrusionDetectionControllerImageName   = "tigera/intrusion-detection-controller:" + components.VersionIntrusionDetectionController
	IntrusionDetectionJobInstallerImageName = "tigera/intrusion-detection-job-installer:" + components.VersionIntrusionDetectionJobInstaller

	// Manager images.
	ManagerImageName        = "tigera/cnx-manager:" + components.VersionManager
	ManagerProxyImageName   = "tigera/voltron:" + components.VersionManagerProxy
	ManagerEsProxyImageName = "tigera/es-proxy:" + components.VersionManagerEsProxy

	KibanaImageName = "tigera/kibana:" + components.VersionKibana

	ECKOperatorImageName      = "eck/eck-operator:" + components.VersionECKOperator
	ECKElasticsearchImageName = "elasticsearch/elasticsearch:" + components.VersionECKElasticsearch
	EsCuratorImageName        = "tigera/es-curator:" + components.VersionEsCurator
)

This section contains images used when installing Tigera Secure.

View Source 
const (
	IntrusionDetectionNamespace = "tigera-intrusion-detection"

	ElasticsearchUserIntrusionDetection    = "tigera-ee-intrusion-detection"
	ElasticsearchUserIntrusionDetectionJob = "tigera-ee-installer"
)
View Source 
const (
	ManagerNamespace        = "tigera-manager"
	ManagerTLSSecretName    = "manager-tls"
	ManagerSecretKeyName    = "key"
	ManagerSecretCertName   = "cert"
	ManagerOIDCConfig       = "tigera-manager-oidc-config"
	ManagerOIDCWellknownURI = "/usr/share/nginx/html/.well-known"
	ManagerOIDCJwksURI      = "/usr/share/nginx/html/discovery"

	ElasticsearchUserManager = "tigera-ee-manager"
)
View Source 
const (
	CalicoNamespace           = "calico-system"
	TigeraPrometheusNamespace = "tigera-prometheus"
)
View Source 
const (
	TyphaServiceName              = "calico-typha"
	TyphaPortName                 = "calico-typha"
	TyphaK8sAppName               = "calico-typha"
	TyphaServiceAccountName       = "calico-typha"
	TyphaDeploymentName           = "calico-typha"
	AppLabelName                  = "k8s-app"
	TyphaPort               int32 = 5473
)
View Source 
const (
	BirdTemplatesConfigMapName = "bird-templates"
)
View Source 
const (
	ComplianceNamespace = "tigera-compliance"
)
View Source 
const (
	// The version is supplied by the renderer.
	OperatorInitImageName = "tigera/operator-init:"
)

This section contains images used for utility operator functions.

View Source 
const (
	Optional = true
)
View Source 
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"

Variables

View Source 
var (
	TyphaCAConfigMapName = "typha-ca"
	TyphaCABundleName    = "caBundle"
	TyphaTLSSecretName   = "typha-certs"
	NodeTLSSecretName    = "node-certs"
	TLSSecretCertName    = "cert.crt"
	TLSSecretKeyName     = "key.key"
	CommonName           = "common-name"
	URISAN               = "uri-san"
)
View Source 
var (
	EsCuratorName = "elastic-curator"
)

Functions

func AnnotationHash added in v1.0.0 

func AnnotationHash(i interface{}) string

AnnotationHash is to generate a hash that can be included in a Deployment or DaemonSet to trigger a restart/rolling update when a ConfigMap or Secret is updated.

func ElasticsearchContainerDecorate added in v1.0.0 

func ElasticsearchContainerDecorate(c corev1.Container, cluster, secret string) corev1.Container

func ElasticsearchContainerDecorateENVVars added in v1.0.0 

func ElasticsearchContainerDecorateENVVars(c corev1.Container, cluster, esUsername string) corev1.Container

func ElasticsearchContainerDecorateIndexCreator added in v1.0.2 

func ElasticsearchContainerDecorateIndexCreator(c corev1.Container, replicas, shards int) corev1.Container

func ElasticsearchContainerDecorateVolumeMounts added in v1.0.0 

func ElasticsearchContainerDecorateVolumeMounts(c corev1.Container) corev1.Container

func ElasticsearchDefaultVolume added in v1.0.0 

func ElasticsearchDefaultVolume() corev1.Volume

func ElasticsearchDefaultVolumeMount added in v1.0.0 

func ElasticsearchDefaultVolumeMount() corev1.VolumeMount

func ElasticsearchPodSpecDecorate added in v1.0.0 

func ElasticsearchPodSpecDecorate(p corev1.PodSpec) corev1.PodSpec

func KubeControllers 

func KubeControllers(cr *operator.Installation) *kubeControllersComponent

func OperatorNamespace added in v1.0.0 

func OperatorNamespace() string

func ParseEndpoint 

func ParseEndpoint(endpoint string) (string, string, string, error)

ParseEndpoint parses an endpoint of the form scheme://host:port and returns the components.

func ParseHostPort added in v1.0.0 

func ParseHostPort(hostport string) (string, string, error)

func SetTestLogger 

func SetTestLogger(l logr.Logger)

Types

type Component 

type Component interface {
	// Objects returns all objects this component contains.
	Objects() []runtime.Object

	// Ready returns true if the component is ready to be created.
	Ready() bool
}

func APIServer 

func APIServer(registry string, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool) (Component, error)

func AWSSecurityGroupSetup added in v1.0.0 

func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, r string) (Component, error)

func Compliance 

func Compliance(
	ls *operatorv1.LogStorage,
	esSecrets []*corev1.Secret,
	registry string,
	clusterName string,
	pullSecrets []*corev1.Secret,
	openshift bool,
) Component

func ConfigMaps added in v1.0.0 

func ConfigMaps(cms []*corev1.ConfigMap) Component

func CustomResourceDefinitions 

func CustomResourceDefinitions(cr *operator.Installation) Component

func ElasticCurator added in v1.0.0 

func ElasticCurator(logStorage operatorv1.LogStorage, esSecrets, pullSecrets []*corev1.Secret, registry, clusterName string) Component

func Elasticsearch added in v1.0.0 

func Elasticsearch(
	logStorage *operatorv1.LogStorage,
	esCertSecret *corev1.Secret,
	kibanaCertSecret *corev1.Secret,
	createWebhookSecret bool,
	pullSecrets []*corev1.Secret,
	provider operatorv1.Provider,
	registry string) (Component, error)

func ElasticsearchSecrets added in v1.0.0 

func ElasticsearchSecrets(updatedESUserSecrets []*corev1.Secret, esPublicCertSecret *corev1.Secret, kibanaPublicCertSecret *corev1.Secret) Component

func Fluentd added in v1.0.0 

func Fluentd(
	lc *operatorv1.LogCollector,
	ls *operatorv1.LogStorage,
	esSecrets []*corev1.Secret,
	cluster string,
	s3C *S3Credential,
	f *FluentdFilters,
	eksConfig *EksCloudwatchLogConfig,

	pullSecrets []*corev1.Secret,
	installation *operatorv1.Installation,
) Component

func IntrusionDetection 

func IntrusionDetection(
	ls *operatorv1.LogStorage,
	esSecrets []*corev1.Secret,
	kibanaCertSecret *corev1.Secret,
	registry string,
	clusterName string,
	pullSecrets []*corev1.Secret,
	openshift bool,
) Component

func Manager added in v1.0.0 

func Manager(
	cr *operator.Manager,
	esSecrets []*corev1.Secret,
	kibanaSecrets []*corev1.Secret,
	clusterName string,
	tlsKeyPair *corev1.Secret,
	pullSecrets []*corev1.Secret,
	openshift bool,
	registry string,
	oidcConfig *corev1.ConfigMap,
) (Component, error)

func Namespaces 

func Namespaces(cr *operator.Installation, openshift bool, pullSecrets []*corev1.Secret) Component

func Node 

func Node(cr *operator.Installation, p operator.Provider, nc NetworkConfig, bt map[string]string, tnTLS *TyphaNodeTLS) Component

Node creates the node daemonset and other resources for the daemonset to operate normally.

func PriorityClassDefinitions 

func PriorityClassDefinitions(cr *operator.Installation) Component

func Secrets added in v1.0.0 

func Secrets(secrets []*corev1.Secret) Component

func Typha added in v1.0.0 

func Typha(cr *operator.Installation, p operator.Provider, tnTLS *TyphaNodeTLS) Component

Typha creates the typha daemonset and other resources for the daemonset to operate normally.

type EksCloudwatchLogConfig added in v1.0.0 

type EksCloudwatchLogConfig struct {
	AwsId         []byte
	AwsKey        []byte
	AwsRegion     string
	GroupName     string
	StreamPrefix  string
	FetchInterval int32
}

type FluentdFilters added in v1.0.0 

type FluentdFilters struct {
	Flow string
	DNS  string
}

type NetworkConfig added in v1.0.0 

type NetworkConfig struct {
	CNI                  string
	NodenameFileOptional bool
	IPPools              []operatorv1.IPPool
}

type Renderer 

type Renderer interface {
	Render() []Component
}

A Renderer is capable of generating components to be installed on the cluster.

func Calico 

func Calico(
	cr *operator.Installation,
	pullSecrets []*corev1.Secret,
	typhaNodeTLS *TyphaNodeTLS,
	bt map[string]string,
	p operator.Provider,
	nc NetworkConfig,
) (Renderer, error)

type S3Credential added in v1.0.0 

type S3Credential struct {
	KeyId     []byte
	KeySecret []byte
}

type TyphaNodeTLS added in v1.0.0 

type TyphaNodeTLS struct {
	CAConfigMap *corev1.ConfigMap
	TyphaSecret *corev1.Secret
	NodeSecret  *corev1.Secret
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.