Documentation ¶
Overview ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This renderer is responsible for all resources related to a Guardian Deployment in a multicluster setup.
Index ¶
- Constants
- Variables
- func AnnotationHash(i interface{}) string
- func Bool(b bool) *bool
- func CopySecrets(ns string, oSecrets ...*v1.Secret) []*v1.Secret
- func CreateDexClientSecret() *corev1.Secret
- func CreateDexTLSSecret() *corev1.Secret
- func CreateOperatorTLSSecret(ca *crypto.CA, secretName string, secretKeyName string, secretCertName string, ...) (*v1.Secret, error)
- func ElasticsearchContainerDecorate(c corev1.Container, cluster, secret string) corev1.Container
- func ElasticsearchContainerDecorateENVVars(c corev1.Container, cluster, esUserSecretName string) corev1.Container
- func ElasticsearchContainerDecorateIndexCreator(c corev1.Container, replicas, shards int) corev1.Container
- func ElasticsearchContainerDecorateVolumeMounts(c corev1.Container) corev1.Container
- func ElasticsearchDefaultVolume() corev1.Volume
- func ElasticsearchDefaultVolumeMount() corev1.VolumeMount
- func ElasticsearchPodSpecDecorate(p corev1.PodSpec) corev1.PodSpec
- func GetIPv4Pool(pools []operator.IPPool) *operator.IPPool
- func GetIPv6Pool(pools []operator.IPPool) *operator.IPPool
- func GetResourceRequirements(i *operatorv1.InstallationSpec, name operatorv1.ComponentName) v1.ResourceRequirements
- func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar
- func Int64(i int64) *int64
- func KubeControllers(k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, ...) *kubeControllersComponent
- func OperatorNamespace() string
- func ParseEndpoint(endpoint string) (string, string, string, error)
- func ParseHostPort(hostport string) (string, string, error)
- func SetTestLogger(l logr.Logger)
- type AmazonCredential
- type Annotatable
- type Component
- func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, ...) (Component, error)
- func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)
- func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, ...) (Component, error)
- func Compliance(esSecrets []*corev1.Secret, managerInternalTLSSecret *corev1.Secret, ...) (Component, error)
- func ConfigMaps(cms []*corev1.ConfigMap) Component
- func Dex(pullSecrets []*corev1.Secret, openshift bool, ...) Component
- func Fluentd(lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, ...) Component
- func Guardian(url string, pullSecrets []*corev1.Secret, openshift bool, ...) Component
- func IntrusionDetection(lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, ...) Component
- func LogStorage(logStorage *operatorv1.LogStorage, installation *operatorv1.InstallationSpec, ...) Component
- func Manager(dexCfg DexKeyValidatorConfig, esSecrets []*corev1.Secret, ...) (Component, error)
- func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component
- func Node(k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, ...) Component
- func PriorityClassDefinitions() Component
- func Secrets(secrets []*corev1.Secret) Component
- func Typha(k8sServiceEp k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, ...) Component
- type DexConfig
- type DexKeyValidatorConfig
- type DexRelyingPartyConfig
- type EksCloudwatchLogConfig
- type ElasticsearchClusterConfig
- func (c ElasticsearchClusterConfig) Annotation() string
- func (c ElasticsearchClusterConfig) ClusterName() string
- func (c ElasticsearchClusterConfig) ConfigMap() *corev1.ConfigMap
- func (c ElasticsearchClusterConfig) FlowShards() int
- func (c ElasticsearchClusterConfig) Replicas() int
- func (c ElasticsearchClusterConfig) Shards() int
- type FluentdFilters
- type GuardianComponent
- type OSType
- type Renderer
- type S3Credential
- type SplunkCredential
- type TyphaNodeTLS
Constants ¶
const ( AmazonCloudIntegrationNamespace = "tigera-amazon-cloud-integration" AmazonCloudIntegrationComponentName = "tigera-amazon-cloud-integration" AmazonCloudIntegrationCredentialName = "amazon-cloud-integration-credentials" AmazonCloudCredentialKeyIdName = "key-id" AmazonCloudCredentialKeySecretName = "key-secret" )
const ( APIServerNamespace = "tigera-system" APIServerTLSSecretName = "tigera-apiserver-certs" APIServerSecretKeyName = "apiserver.key" APIServerSecretCertName = "apiserver.crt" )
const ( Optional = true DefaultCertificateDuration = 100 * 365 * 24 * time.Hour OSTypeAny OSType = "any" OSTypeLinux OSType = "linux" )
const ( ComplianceNamespace = "tigera-compliance" ComplianceServerName = "compliance-server" ComplianceControllerName = "compliance-controller" ComplianceSnapshotterName = "compliance-snapshotter" )
const ( ElasticsearchComplianceBenchmarkerUserSecret = "tigera-ee-compliance-benchmarker-elasticsearch-access" ElasticsearchComplianceControllerUserSecret = "tigera-ee-compliance-controller-elasticsearch-access" ElasticsearchComplianceReporterUserSecret = "tigera-ee-compliance-reporter-elasticsearch-access" ElasticsearchComplianceSnapshotterUserSecret = "tigera-ee-compliance-snapshotter-elasticsearch-access" ElasticsearchComplianceServerUserSecret = "tigera-ee-compliance-server-elasticsearch-access" ElasticsearchCuratorUserSecret = "tigera-ee-curator-elasticsearch-access" ComplianceServerCertSecret = "tigera-compliance-server-tls" ComplianceServerCertName = "tls.crt" ComplianceServerKeyName = "tls.key" )
const ( VoltronDnsName = "voltron" VoltronKeySizeBits = 2048 )
Voltron related constants.
const ( // Manifest object variables DexNamespace = "tigera-dex" DexObjectName = "tigera-dex" DexPort = 5556 DexTLSSecretName = "tigera-dex-tls" // Constants related to Dex configurations DexClientId = "tigera-manager" DexCN = "tigera-dex.tigera-dex.svc.cluster.local" )
const ( ClientSecretSecretField = "clientSecret" RootCASecretField = "rootCA" OIDCSecretName = "tigera-oidc-credentials" OpenshiftSecretName = "tigera-openshift-credentials" ClientIDSecretField = "clientID" )
const ( ElasticsearchDefaultCertDir = "/etc/ssl/elastic/" ElasticsearchDefaultCertPath = ElasticsearchDefaultCertDir + "ca.pem" TigeraElasticsearchCertSecret = "tigera-secure-elasticsearch-cert" ElasticsearchPublicCertSecret = "tigera-secure-es-http-certs-public" )
const ( LogCollectorNamespace = "tigera-fluentd" FluentdFilterConfigMapName = "fluentd-filters" FluentdFilterFlowName = "flow" FluentdFilterDNSName = "dns" S3FluentdSecretName = "log-collector-s3-credentials" S3KeyIdName = "key-id" S3KeySecretName = "key-secret" ElasticsearchLogCollectorUserSecret = "tigera-fluentd-elasticsearch-access" ElasticsearchEksLogForwarderUserSecret = "tigera-eks-log-forwarder-elasticsearch-access" EksLogForwarderSecret = "tigera-eks-log-forwarder-secret" EksLogForwarderAwsId = "aws-id" EksLogForwarderAwsKey = "aws-key" SplunkFluentdTokenSecretName = "logcollector-splunk-credentials" SplunkFluentdSecretTokenKey = "token" SplunkFluentdCertificateSecretName = "logcollector-splunk-public-certificate" SplunkFluentdSecretCertificateKey = "ca.pem" SplunkFluentdSecretsVolName = "splunk-certificates" SplunkFluentdDefaultCertDir = "/etc/ssl/splunk/" SplunkFluentdDefaultCertPath = SplunkFluentdDefaultCertDir + SplunkFluentdSecretCertificateKey ProbeTimeoutSeconds = 5 )
const ( GuardianName = "tigera-guardian" GuardianNamespace = GuardianName GuardianServiceAccountName = GuardianName GuardianClusterRoleName = GuardianName GuardianClusterRoleBindingName = GuardianName GuardianDeploymentName = GuardianName GuardianServiceName = "tigera-guardian" GuardianVolumeName = "tigera-guardian-certs" GuardianSecretName = "tigera-managed-cluster-connection" )
The names of the components related to the Guardian related rendered objects.
const ( IntrusionDetectionNamespace = "tigera-intrusion-detection" ElasticsearchIntrusionDetectionUserSecret = "tigera-ee-intrusion-detection-elasticsearch-access" ElasticsearchIntrusionDetectionJobUserSecret = "tigera-ee-installer-elasticsearch-access" IntrusionDetectionInstallerJobName = "intrusion-detection-es-job-installer" )
const ( ECKOperatorName = "elastic-operator" ECKOperatorNamespace = "tigera-eck-operator" ECKWebhookSecretName = "elastic-webhook-server-cert" ECKWebhookName = "elastic-webhook-server" ECKWebhookPortName = "https" ECKEnterpriseTrial = "eck-trial-license" ECKWebhookConfiguration = "elastic-webhook.k8s.elastic.co" ElasticsearchNamespace = "tigera-elasticsearch" ElasticsearchHTTPURL = "tigera-secure-es-http.tigera-elasticsearch.svc" ElasticsearchHTTPSEndpoint = "https://tigera-secure-es-http.tigera-elasticsearch.svc:9200" ElasticsearchName = "tigera-secure" ElasticsearchConfigMapName = "tigera-secure-elasticsearch" ElasticsearchServiceName = "tigera-secure-es-http" ElasticsearchSecureSettingsSecretName = "tigera-elasticsearch-secure-settings" KibanaHTTPURL = "tigera-secure-kb-http.tigera-kibana.svc" KibanaHTTPSEndpoint = "https://tigera-secure-kb-http.tigera-kibana.svc:5601" KibanaName = "tigera-secure" KibanaNamespace = "tigera-kibana" KibanaPublicCertSecret = "tigera-secure-kb-http-certs-public" TigeraKibanaCertSecret = "tigera-secure-kibana-cert" KibanaDefaultCertPath = "/etc/ssl/kibana/ca.pem" KibanaBasePath = "tigera-kibana" KibanaServiceName = "tigera-secure-kb-http" DefaultElasticsearchClusterName = "cluster" DefaultElasticsearchReplicas = 0 LogStorageFinalizer = "tigera.io/eck-cleanup" EsCuratorName = "elastic-curator" EsCuratorServiceAccount = "tigera-elastic-curator" )
const ( ManagerNamespace = "tigera-manager" ManagerServiceDNS = "tigera-manager.tigera-manager.svc" ManagerServiceIP = "localhost" ManagerServiceAccount = "tigera-manager" ManagerClusterRole = "tigera-manager-role" ManagerClusterRoleBinding = "tigera-manager-binding" ManagerTLSSecretName = "manager-tls" ManagerSecretKeyName = "key" ManagerSecretCertName = "cert" ManagerInternalTLSSecretName = "internal-manager-tls" ManagerInternalTLSSecretCertName = "internal-manager-tls-cert" ManagerInternalSecretKeyName = "key" ManagerInternalSecretCertName = "cert" ManagerOIDCConfig = "tigera-manager-oidc-config" ElasticsearchManagerUserSecret = "tigera-ee-manager-elasticsearch-access" ManagerInternalTLSHashAnnotation = "hash.operator.tigera.io/internal-tls-secret" )
const ( VoltronName = "tigera-voltron" VoltronTunnelSecretName = "tigera-management-cluster-connection" VoltronTunnelSecretCertName = "cert" VoltronTunnelSecretKeyName = "key" )
ManagementClusterConnection configuration constants
const ( TyphaServiceName = "calico-typha" TyphaPortName = "calico-typha" TyphaK8sAppName = "calico-typha" TyphaServiceAccountName = "calico-typha" AppLabelName = "k8s-app" TyphaPort int32 = 5473 )
const (
BirdTemplatesConfigMapName = "bird-templates"
)
const (
PriorityClassName = "calico-priority"
)
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"
Variables ¶
var ( TyphaCAConfigMapName = "typha-ca" TyphaCABundleName = "caBundle" TyphaTLSSecretName = "typha-certs" NodeTLSSecretName = "node-certs" TLSSecretCertName = "cert.crt" TLSSecretKeyName = "key.key" CommonName = "common-name" URISAN = "uri-san" )
Functions ¶
func AnnotationHash ¶ added in v1.0.0
func AnnotationHash(i interface{}) string
AnnotationHash is to generate a hash that can be included in a Deployment or DaemonSet to trigger a restart/rolling update when a ConfigMap or Secret is updated.
func CreateDexClientSecret ¶ added in v1.12.0
func CreateDexTLSSecret ¶ added in v1.12.0
func CreateOperatorTLSSecret ¶ added in v1.4.0
func CreateOperatorTLSSecret( ca *crypto.CA, secretName string, secretKeyName string, secretCertName string, dur time.Duration, cef []crypto.CertificateExtensionFunc, hostnames ...string, ) (*v1.Secret, error)
CreateOperatorTLSSecret Creates a new TLS secret with the information passed
ca: The ca to use for creating the Cert/Key pair. If nil then a self-signed CA will be created secretName: The name of the secret. secretKeyName: The name of the data field that will contain the key. secretCertName: The name of the data field that will contain the cert. dur: How long the certificate will be valid. hostnames: The first will be used as the CN, and the rest as SANs. If no hostnames are provided then "localhost" will be used.
func ElasticsearchContainerDecorate ¶ added in v1.0.0
func ElasticsearchContainerDecorateENVVars ¶ added in v1.0.0
func ElasticsearchContainerDecorateIndexCreator ¶ added in v1.0.2
func ElasticsearchContainerDecorateVolumeMounts ¶ added in v1.0.0
func ElasticsearchDefaultVolume ¶ added in v1.0.0
func ElasticsearchDefaultVolumeMount ¶ added in v1.0.0
func ElasticsearchDefaultVolumeMount() corev1.VolumeMount
func ElasticsearchPodSpecDecorate ¶ added in v1.0.0
func GetIPv4Pool ¶ added in v1.2.0
GetIPv4Pool returns the IPv4 IPPool in an instalation, or nil if one can't be found.
func GetIPv6Pool ¶ added in v1.2.0
GetIPv6Pool returns the IPv6 IPPool in an instalation, or nil if one can't be found.
func GetResourceRequirements ¶ added in v1.7.0
func GetResourceRequirements(i *operatorv1.InstallationSpec, name operatorv1.ComponentName) v1.ResourceRequirements
GetResourceRequirements retrieves the component ResourcesRequirements from the installation If it doesn't exist, it returns an empty ResourceRequirements struct
func GetTigeraSecurityGroupEnvVariables ¶ added in v1.8.0
func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar
func KubeControllers ¶
func KubeControllers( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, logStorageExists bool, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, managerInternalSecret *v1.Secret, authentication *operator.Authentication, ) *kubeControllersComponent
func OperatorNamespace ¶ added in v1.0.0
func OperatorNamespace() string
func ParseEndpoint ¶
ParseEndpoint parses an endpoint of the form scheme://host:port and returns the components.
func SetTestLogger ¶
Types ¶
type AmazonCredential ¶ added in v1.8.0
func ConvertSecretToCredential ¶ added in v1.8.0
func ConvertSecretToCredential(s *corev1.Secret) (*AmazonCredential, error)
type Annotatable ¶ added in v1.2.0
func ElasticsearchDecorateAnnotations ¶ added in v1.2.0
func ElasticsearchDecorateAnnotations(obj Annotatable, config *ElasticsearchClusterConfig, secrets []*corev1.Secret) Annotatable
type Component ¶
type Component interface { // Objects returns the lists of objects in this component that should be created and/or deleted during // rendering. Objects() (objsToCreate, objsToDelete []runtime.Object) // Ready returns true if the component is ready to be created. Ready() bool // SupportedOSTypes returns operating systems that is supported of the components returned by the Objects() function. // The "componentHandler" converts the returned OSTypes to a node selectors for the "kubernetes.io/os" label on runtime.Objects // that create pods. Return OSTypeAny means that no node selector should be set for the "kubernetes.io/os" label. SupportedOSType() OSType }
func APIServer ¶
func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, aci *operator.AmazonCloudIntegration, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, tunnelCASecret *corev1.Secret) (Component, error)
func AWSSecurityGroupSetup ¶ added in v1.0.0
func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)
func AmazonCloudIntegration ¶ added in v1.8.0
func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, cred *AmazonCredential, ps []*corev1.Secret, openshift bool) (Component, error)
func Compliance ¶
func Compliance( esSecrets []*corev1.Secret, managerInternalTLSSecret *corev1.Secret, installation *operatorv1.InstallationSpec, complianceServerCertSecret *corev1.Secret, esClusterConfig *ElasticsearchClusterConfig, pullSecrets []*corev1.Secret, openshift bool, managementCluster *operatorv1.ManagementCluster, managementClusterConnection *operatorv1.ManagementClusterConnection, dexCfg DexKeyValidatorConfig, ) (Component, error)
func ConfigMaps ¶ added in v1.0.0
func Fluentd ¶ added in v1.0.0
func Fluentd( lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, esClusterConfig *ElasticsearchClusterConfig, s3C *S3Credential, spC *SplunkCredential, f *FluentdFilters, eksConfig *EksCloudwatchLogConfig, pullSecrets []*corev1.Secret, installation *operatorv1.InstallationSpec, ) Component
func Guardian ¶ added in v1.2.0
func Guardian( url string, pullSecrets []*corev1.Secret, openshift bool, installation *operatorv1.InstallationSpec, tunnelSecret *corev1.Secret, ) Component
func IntrusionDetection ¶
func IntrusionDetection( lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, kibanaCertSecret *corev1.Secret, installation *operator.InstallationSpec, esClusterConfig *ElasticsearchClusterConfig, pullSecrets []*corev1.Secret, openshift bool, ) Component
func LogStorage ¶ added in v1.4.0
func LogStorage( logStorage *operatorv1.LogStorage, installation *operatorv1.InstallationSpec, managementCluster *operatorv1.ManagementCluster, managementClusterConnection *operatorv1.ManagementClusterConnection, elasticsearch *esv1.Elasticsearch, kibana *kbv1.Kibana, clusterConfig *ElasticsearchClusterConfig, elasticsearchSecrets []*corev1.Secret, kibanaSecrets []*corev1.Secret, createWebhookSecret bool, pullSecrets []*corev1.Secret, provider operatorv1.Provider, curatorSecrets []*corev1.Secret, esService *corev1.Service, kbService *corev1.Service, clusterDNS string, applyTrial bool, dexCfg DexRelyingPartyConfig) Component
Elasticsearch renders the
func Manager ¶ added in v1.0.0
func Manager( dexCfg DexKeyValidatorConfig, esSecrets []*corev1.Secret, kibanaSecrets []*corev1.Secret, complianceServerCertSecret *corev1.Secret, esClusterConfig *ElasticsearchClusterConfig, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, tunnelSecret *corev1.Secret, internalTrafficSecret *corev1.Secret, ) (Component, error)
func Namespaces ¶
func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component
func Node ¶
func Node( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, bt map[string]string, tnTLS *TyphaNodeTLS, aci *operator.AmazonCloudIntegration, migrate bool, nodeAppArmorProfile string, ) Component
Node creates the node daemonset and other resources for the daemonset to operate normally.
func PriorityClassDefinitions ¶
func PriorityClassDefinitions() Component
func Typha ¶ added in v1.0.0
func Typha( k8sServiceEp k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, tnTLS *TyphaNodeTLS, aci *operator.AmazonCloudIntegration, migrationNeeded bool, ) Component
Typha creates the typha daemonset and other resources for the daemonset to operate normally.
type DexConfig ¶ added in v1.12.0
type DexConfig interface { Connector() map[string]interface{} DexKeyValidatorConfig }
DexConfig is a config for DexIdP itself.
type DexKeyValidatorConfig ¶ added in v1.12.0
type DexKeyValidatorConfig interface { // ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org ManagerURI() string // RequiredEnv returns env that is used to configure pods with dex options. RequiredEnv(prefix string) []corev1.EnvVar // RequiredAnnotations returns annotations that make your the pods get refreshed if any of the config/secrets change. RequiredAnnotations() map[string]string // RequiredSecrets returns secrets that you need to render for dex. RequiredSecrets(namespace string) []*corev1.Secret // RequiredVolumeMounts returns volume mounts that are related to dex. RequiredVolumeMounts() []corev1.VolumeMount // RequiredVolumes returns volumes that are related to dex. RequiredVolumes() []corev1.Volume }
DexKeyValidatorConfig is a config for (backend) servers that validate JWTs issued by Dex.
func NewDexKeyValidatorConfig ¶ added in v1.12.0
func NewDexKeyValidatorConfig( authentication *oprv1.Authentication, tlsSecret *corev1.Secret) DexKeyValidatorConfig
type DexRelyingPartyConfig ¶ added in v1.12.0
type DexRelyingPartyConfig interface { // JWKSURI returns the endpoint for public keys JWKSURI() string // TokenURI returns the endpoint for exchanging tokens TokenURI() string // UserInfoURI returns the endpoint for user info. UserInfoURI() string // ClientSecret returns the secret for Dex' auth endpoint ClientSecret() []byte // ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org RequestedScopes() []string // UsernameClaim returns the part of the JWT that represents a unique username. UsernameClaim() string // GroupsClaim returns the part of the JWT that represents the list of user groups. GroupsClaim() string DexKeyValidatorConfig }
DexRelyingPartyConfig is a config for relying parties / applications that use Dex as their IdP.
func NewDexRelyingPartyConfig ¶ added in v1.12.0
func NewDexRelyingPartyConfig( authentication *oprv1.Authentication, tlsSecret *corev1.Secret, dexSecret *corev1.Secret) DexRelyingPartyConfig
type EksCloudwatchLogConfig ¶ added in v1.0.0
type ElasticsearchClusterConfig ¶ added in v1.2.0
type ElasticsearchClusterConfig struct {
// contains filtered or unexported fields
}
func NewElasticsearchClusterConfig ¶ added in v1.2.0
func NewElasticsearchClusterConfig(clusterName string, replicas int, shards int, flowShards int) *ElasticsearchClusterConfig
func NewElasticsearchClusterConfigFromConfigMap ¶ added in v1.2.0
func NewElasticsearchClusterConfigFromConfigMap(configMap *corev1.ConfigMap) (*ElasticsearchClusterConfig, error)
func (ElasticsearchClusterConfig) Annotation ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) Annotation() string
func (ElasticsearchClusterConfig) ClusterName ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) ClusterName() string
func (ElasticsearchClusterConfig) ConfigMap ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) ConfigMap() *corev1.ConfigMap
func (ElasticsearchClusterConfig) FlowShards ¶ added in v1.6.0
func (c ElasticsearchClusterConfig) FlowShards() int
func (ElasticsearchClusterConfig) Replicas ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) Replicas() int
func (ElasticsearchClusterConfig) Shards ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) Shards() int
type FluentdFilters ¶ added in v1.0.0
type GuardianComponent ¶ added in v1.2.0
type GuardianComponent struct {
// contains filtered or unexported fields
}
func (*GuardianComponent) Objects ¶ added in v1.2.0
func (c *GuardianComponent) Objects() ([]runtime.Object, []runtime.Object)
func (*GuardianComponent) Ready ¶ added in v1.2.0
func (c *GuardianComponent) Ready() bool
func (*GuardianComponent) SupportedOSType ¶ added in v1.11.0
func (c *GuardianComponent) SupportedOSType() OSType
type OSType ¶ added in v1.11.0
type OSType string
This type helps ensure that we only use defined os types
type Renderer ¶
type Renderer interface {
Render() []Component
}
A Renderer is capable of generating components to be installed on the cluster.
func Calico ¶
func Calico( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, logStorageExists bool, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, authentication *operator.Authentication, pullSecrets []*corev1.Secret, typhaNodeTLS *TyphaNodeTLS, managerInternalTLSSecret *corev1.Secret, bt map[string]string, p operator.Provider, aci *operator.AmazonCloudIntegration, up bool, nodeAppArmorProfile string, ) (Renderer, error)
type S3Credential ¶ added in v1.0.0
type SplunkCredential ¶ added in v1.4.0
Source Files ¶
- amazoncloudintegration.go
- apiserver.go
- aws-securitygroup-setup.go
- common.go
- compliance.go
- configmap.go
- crypto_utils.go
- dex.go
- dex_config.go
- elasticsearch_decorator.go
- elasticsearchclusterconfig.go
- fluentd.go
- guardian.go
- intrusion_detection.go
- kube-controllers.go
- logstorage.go
- manager.go
- namespaces.go
- node.go
- priority_class.go
- render.go
- secrets.go
- types.go
- typha.go