Documentation ¶
Overview ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This renderer is responsible for all resources related to a Guardian Deployment in a multicluster setup.
Index ¶
- Constants
- Variables
- func AnnotationHash(i interface{}) string
- func Bool(b bool) *bool
- func CopySecrets(ns string, oSecrets ...*v1.Secret) []*v1.Secret
- func CreateCSRInitContainer(installation *operator.InstallationSpec, image string, mountName string, ...) corev1.Container
- func CreateDexClientSecret() *corev1.Secret
- func CreateDexTLSSecret(dexCommonName string) *corev1.Secret
- func CreateOperatorTLSSecret(ca *crypto.CA, secretName string, secretKeyName string, secretCertName string, ...) (*v1.Secret, error)
- func ElasticsearchContainerDecorate(c corev1.Container, cluster, secret, clusterDomain string, osType OSType) corev1.Container
- func ElasticsearchContainerDecorateENVVars(c corev1.Container, cluster, esUserSecretName, clusterDomain string, ...) corev1.Container
- func ElasticsearchContainerDecorateIndexCreator(c corev1.Container, replicas, shards int) corev1.Container
- func ElasticsearchContainerDecorateVolumeMounts(c corev1.Container, osType OSType) corev1.Container
- func ElasticsearchDefaultVolume() corev1.Volume
- func ElasticsearchDefaultVolumeMount(osType OSType) corev1.VolumeMount
- func ElasticsearchHTTPSEndpoint(osType OSType, clusterDomain string) string
- func ElasticsearchPodSpecDecorate(p corev1.PodSpec) corev1.PodSpec
- func GetIPv4Pool(pools []operator.IPPool) *operator.IPPool
- func GetIPv6Pool(pools []operator.IPPool) *operator.IPPool
- func GetResourceRequirements(i *operatorv1.InstallationSpec, name operatorv1.ComponentName) v1.ResourceRequirements
- func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar
- func Int64(i int64) *int64
- func KibanaHTTPSEndpoint(osType OSType, clusterDomain string) string
- func KubeControllers(k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, ...) *kubeControllersComponent
- func OperatorNamespace() string
- func ParseEndpoint(endpoint string) (string, string, string, error)
- func ParseHostPort(hostport string) (string, string, error)
- func ResolveCSRInitImage(inst *operator.InstallationSpec, is *operator.ImageSet) (string, error)
- func SetTestLogger(l logr.Logger)
- type AmazonCredential
- type Annotatable
- type Component
- func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, ...) (Component, error)
- func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)
- func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, ...) (Component, error)
- func Compliance(esSecrets []*corev1.Secret, managerInternalTLSSecret *corev1.Secret, ...) (Component, error)
- func ConfigMaps(cms []*corev1.ConfigMap) Component
- func Dex(pullSecrets []*corev1.Secret, openshift bool, ...) Component
- func Fluentd(lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, ...) Component
- func Guardian(url string, pullSecrets []*corev1.Secret, openshift bool, ...) Component
- func IntrusionDetection(lc *operator.LogCollector, esSecrets []*corev1.Secret, ...) Component
- func LogStorage(logStorage *operatorv1.LogStorage, installation *operatorv1.InstallationSpec, ...) Component
- func Manager(dexCfg DexKeyValidatorConfig, esSecrets []*corev1.Secret, ...) (Component, error)
- func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component
- func Node(k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, ...) Component
- func PriorityClassDefinitions() Component
- func Secrets(secrets []*corev1.Secret) Component
- func Typha(k8sServiceEp k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, ...) Component
- type DexConfig
- type DexKeyValidatorConfig
- type DexRelyingPartyConfig
- type EksCloudwatchLogConfig
- type ElasticsearchClusterConfig
- func (c ElasticsearchClusterConfig) Annotation() string
- func (c ElasticsearchClusterConfig) ClusterName() string
- func (c ElasticsearchClusterConfig) ConfigMap() *corev1.ConfigMap
- func (c ElasticsearchClusterConfig) FlowShards() int
- func (c ElasticsearchClusterConfig) Replicas() int
- func (c ElasticsearchClusterConfig) Shards() int
- type ElasticsearchLicenseType
- type FluentdFilters
- type GuardianComponent
- type OSType
- type Renderer
- type S3Credential
- type SplunkCredential
- type TyphaNodeTLS
Constants ¶
const ( AmazonCloudIntegrationNamespace = "tigera-amazon-cloud-integration" AmazonCloudIntegrationComponentName = "tigera-amazon-cloud-integration" AmazonCloudIntegrationCredentialName = "amazon-cloud-integration-credentials" AmazonCloudCredentialKeyIdName = "key-id" AmazonCloudCredentialKeySecretName = "key-secret" )
const ( APIServerNamespace = "tigera-system" APIServerTLSSecretName = "tigera-apiserver-certs" APIServerSecretKeyName = "apiserver.key" APIServerSecretCertName = "apiserver.crt" APIServiceName = "tigera-api" )
const ( Optional = true DefaultCertificateDuration = 100 * 365 * 24 * time.Hour OSTypeAny OSType = "any" OSTypeLinux OSType = "linux" OSTypeWindows OSType = "windows" // The name prefix used for the CA issuer, which is used for self-signed // certificates issued for operator-managed certificates. // NOTE: Do not change this field since we use this value to identify // certificates managed by this operator. TigeraOperatorCAIssuerPrefix = "tigera-operator-signer" )
const ( ComplianceNamespace = "tigera-compliance" ComplianceServiceName = "compliance" ComplianceServerName = "compliance-server" ComplianceControllerName = "compliance-controller" ComplianceSnapshotterName = "compliance-snapshotter" )
const ( ElasticsearchComplianceBenchmarkerUserSecret = "tigera-ee-compliance-benchmarker-elasticsearch-access" ElasticsearchComplianceControllerUserSecret = "tigera-ee-compliance-controller-elasticsearch-access" ElasticsearchComplianceReporterUserSecret = "tigera-ee-compliance-reporter-elasticsearch-access" ElasticsearchComplianceSnapshotterUserSecret = "tigera-ee-compliance-snapshotter-elasticsearch-access" ElasticsearchComplianceServerUserSecret = "tigera-ee-compliance-server-elasticsearch-access" ElasticsearchCuratorUserSecret = "tigera-ee-curator-elasticsearch-access" ComplianceServerCertSecret = "tigera-compliance-server-tls" ComplianceServerCertName = "tls.crt" ComplianceServerKeyName = "tls.key" )
const ( VoltronDnsName = "voltron" VoltronKeySizeBits = 2048 )
Voltron related constants.
const ( CSRClusterRoleName = "tigera-csr-creator" CSRInitContainerName = "key-cert-provisioner" )
const ( // Manifest object variables DexNamespace = "tigera-dex" DexObjectName = "tigera-dex" DexPort = 5556 DexTLSSecretName = "tigera-dex-tls" // Constants related to Dex configurations DexClientId = "tigera-manager" )
const ( ClientSecretSecretField = "clientSecret" RootCASecretField = "rootCA" OIDCSecretName = "tigera-oidc-credentials" OpenshiftSecretName = "tigera-openshift-credentials" ClientIDSecretField = "clientID" )
const ( ElasticsearchDefaultCertDir = "/etc/ssl/elastic/" ElasticsearchDefaultCertDirWindows = "c:/etc/ssl/elastic/" ElasticsearchDefaultCertPath = ElasticsearchDefaultCertDir + "ca.pem" ElasticsearchDefaultCertPathWindows = ElasticsearchDefaultCertDirWindows + "ca.pem" TigeraElasticsearchCertSecret = "tigera-secure-elasticsearch-cert" ElasticsearchPublicCertSecret = "tigera-secure-es-http-certs-public" )
const ( LogCollectorNamespace = "tigera-fluentd" FluentdFilterConfigMapName = "fluentd-filters" FluentdFilterFlowName = "flow" FluentdFilterDNSName = "dns" S3FluentdSecretName = "log-collector-s3-credentials" S3KeyIdName = "key-id" S3KeySecretName = "key-secret" ElasticsearchLogCollectorUserSecret = "tigera-fluentd-elasticsearch-access" ElasticsearchEksLogForwarderUserSecret = "tigera-eks-log-forwarder-elasticsearch-access" EksLogForwarderSecret = "tigera-eks-log-forwarder-secret" EksLogForwarderAwsId = "aws-id" EksLogForwarderAwsKey = "aws-key" SplunkFluentdTokenSecretName = "logcollector-splunk-credentials" SplunkFluentdSecretTokenKey = "token" SplunkFluentdCertificateSecretName = "logcollector-splunk-public-certificate" SplunkFluentdSecretCertificateKey = "ca.pem" SplunkFluentdSecretsVolName = "splunk-certificates" SplunkFluentdDefaultCertDir = "/etc/ssl/splunk/" SplunkFluentdDefaultCertPath = SplunkFluentdDefaultCertDir + SplunkFluentdSecretCertificateKey ProbeTimeoutSeconds = 5 ProbePeriodSeconds = 10 )
const ( GuardianName = "tigera-guardian" GuardianNamespace = GuardianName GuardianServiceAccountName = GuardianName GuardianClusterRoleName = GuardianName GuardianClusterRoleBindingName = GuardianName GuardianDeploymentName = GuardianName GuardianServiceName = "tigera-guardian" GuardianVolumeName = "tigera-guardian-certs" GuardianSecretName = "tigera-managed-cluster-connection" )
The names of the components related to the Guardian related rendered objects.
const ( IntrusionDetectionNamespace = "tigera-intrusion-detection" ElasticsearchIntrusionDetectionUserSecret = "tigera-ee-intrusion-detection-elasticsearch-access" ElasticsearchIntrusionDetectionJobUserSecret = "tigera-ee-installer-elasticsearch-access" ElasticsearchADJobUserSecret = "tigera-ee-ad-job-elasticsearch-access" IntrusionDetectionInstallerJobName = "intrusion-detection-es-job-installer" )
const ( ECKOperatorName = "elastic-operator" ECKOperatorNamespace = "tigera-eck-operator" ECKEnterpriseTrial = "eck-trial-license" ECKLicenseConfigMapName = "elastic-licensing" ElasticsearchNamespace = "tigera-elasticsearch" ElasticsearchName = "tigera-secure" ElasticsearchConfigMapName = "tigera-secure-elasticsearch" ElasticsearchServiceName = "tigera-secure-es-http" ElasticsearchSecureSettingsSecretName = "tigera-elasticsearch-secure-settings" ElasticsearchOperatorUserSecret = "tigera-ee-operator-elasticsearch-access" KibanaHTTPURL = "tigera-secure-kb-http.tigera-kibana.svc.%s" KibanaName = "tigera-secure" KibanaNamespace = "tigera-kibana" KibanaPublicCertSecret = "tigera-secure-kb-http-certs-public" TigeraKibanaCertSecret = "tigera-secure-kibana-cert" KibanaDefaultCertPath = "/etc/ssl/kibana/ca.pem" KibanaBasePath = "tigera-kibana" KibanaServiceName = "tigera-secure-kb-http" DefaultElasticsearchClusterName = "cluster" DefaultElasticsearchReplicas = 0 DefaultElasticStorageGi = 10 LogStorageFinalizer = "tigera.io/eck-cleanup" EsCuratorName = "elastic-curator" EsCuratorServiceAccount = "tigera-elastic-curator" OIDCUsersConfigMapName = "tigera-known-oidc-users" OIDCUsersEsSecreteName = "tigera-oidc-users-elasticsearch-credentials" ElasticsearchLicenseTypeBasic ElasticsearchLicenseType = "basic" ElasticsearchLicenseTypeEnterprise ElasticsearchLicenseType = "enterprise" ElasticsearchLicenseTypeEnterpriseTrial ElasticsearchLicenseType = "enterprise_trial" ElasticsearchLicenseTypeUnknown ElasticsearchLicenseType = "" EsManagerRole = "es-manager" EsManagerRoleBinding = "es-manager" EsKubeControllerRole = "es-calico-kube-controllers" EsKubeControllerRoleBinding = "es-calico-kube-controllers" KibanaTLSAnnotationHash = "hash.operator.tigera.io/kb-secrets" ElasticsearchTLSHashAnnotation = "hash.operator.tigera.io/es-secrets" )
const ( ManagerServiceName = "tigera-manager" ManagerNamespace = "tigera-manager" ManagerServiceDNS = "tigera-manager.tigera-manager.svc.%s" ManagerServiceIP = "localhost" ManagerServiceAccount = "tigera-manager" ManagerClusterRole = "tigera-manager-role" ManagerClusterRoleBinding = "tigera-manager-binding" ManagerTLSSecretName = "manager-tls" ManagerSecretKeyName = "key" ManagerSecretCertName = "cert" ManagerInternalTLSSecretName = "internal-manager-tls" ManagerInternalTLSSecretCertName = "internal-manager-tls-cert" ManagerInternalSecretKeyName = "key" ManagerInternalSecretCertName = "cert" ManagerOIDCConfig = "tigera-manager-oidc-config" ElasticsearchManagerUserSecret = "tigera-ee-manager-elasticsearch-access" ManagerInternalTLSHashAnnotation = "hash.operator.tigera.io/internal-tls-secret" KibanaTLSHashAnnotation = "hash.operator.tigera.io/kibana-secrets" )
const ( VoltronName = "tigera-voltron" VoltronTunnelSecretName = "tigera-management-cluster-connection" VoltronTunnelSecretCertName = "cert" VoltronTunnelSecretKeyName = "key" )
ManagementClusterConnection configuration constants
const ( BirdTemplatesConfigMapName = "bird-templates" CSRLabelCalicoSystem = "calico-system" )
const ( TyphaServiceName = "calico-typha" TyphaPortName = "calico-typha" TyphaK8sAppName = "calico-typha" TyphaServiceAccountName = "calico-typha" AppLabelName = "k8s-app" TyphaPort int32 = 5473 )
const (
PriorityClassName = "calico-priority"
)
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"
Variables ¶
var ( TyphaCAConfigMapName = "typha-ca" TyphaCABundleName = "caBundle" TyphaTLSSecretName = "typha-certs" NodeTLSSecretName = "node-certs" TLSSecretCertName = "cert.crt" TLSSecretKeyName = "key.key" CommonName = "common-name" URISAN = "uri-san" TyphaCommonName = "typha-server" FelixCommonName = "typha-client" )
Functions ¶
func AnnotationHash ¶ added in v1.0.0
func AnnotationHash(i interface{}) string
AnnotationHash is to generate a hash that can be included in a Deployment or DaemonSet to trigger a restart/rolling update when a ConfigMap or Secret is updated.
func CreateCSRInitContainer ¶ added in v1.14.0
func CreateCSRInitContainer( installation *operator.InstallationSpec, image string, mountName string, commonName string, keyName string, certName string, dnsNames []string, appNameLabel string) corev1.Container
CreateCSRInitContainer creates an init container that can be added to a pod spec in order to create a CSR for its TLS certificates. It uses the provided params and the k8s downward api to be able to specify certificate subject information.
func CreateDexClientSecret ¶ added in v1.12.0
func CreateDexTLSSecret ¶ added in v1.12.0
func CreateOperatorTLSSecret ¶ added in v1.4.0
func CreateOperatorTLSSecret( ca *crypto.CA, secretName string, secretKeyName string, secretCertName string, dur time.Duration, cef []crypto.CertificateExtensionFunc, hostnames ...string, ) (*v1.Secret, error)
CreateOperatorTLSSecret Creates a new TLS secret with the information passed
ca: The ca to use for creating the Cert/Key pair. If nil then a self-signed CA will be created secretName: The name of the secret. secretKeyName: The name of the data field that will contain the key. secretCertName: The name of the data field that will contain the cert. dur: How long the certificate will be valid. hostnames: The first will be used as the CN, and the rest as SANs. If no hostnames are provided then "localhost" will be used.
func ElasticsearchContainerDecorate ¶ added in v1.0.0
func ElasticsearchContainerDecorateENVVars ¶ added in v1.0.0
func ElasticsearchContainerDecorateIndexCreator ¶ added in v1.0.2
func ElasticsearchContainerDecorateVolumeMounts ¶ added in v1.0.0
func ElasticsearchDefaultVolume ¶ added in v1.0.0
func ElasticsearchDefaultVolumeMount ¶ added in v1.0.0
func ElasticsearchDefaultVolumeMount(osType OSType) corev1.VolumeMount
func ElasticsearchHTTPSEndpoint ¶ added in v1.0.0
func ElasticsearchPodSpecDecorate ¶ added in v1.0.0
func GetIPv4Pool ¶ added in v1.2.0
GetIPv4Pool returns the IPv4 IPPool in an instalation, or nil if one can't be found.
func GetIPv6Pool ¶ added in v1.2.0
GetIPv6Pool returns the IPv6 IPPool in an instalation, or nil if one can't be found.
func GetResourceRequirements ¶ added in v1.7.0
func GetResourceRequirements(i *operatorv1.InstallationSpec, name operatorv1.ComponentName) v1.ResourceRequirements
GetResourceRequirements retrieves the component ResourcesRequirements from the installation If it doesn't exist, it returns an empty ResourceRequirements struct
func GetTigeraSecurityGroupEnvVariables ¶ added in v1.8.0
func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar
func KibanaHTTPSEndpoint ¶ added in v1.0.0
func KubeControllers ¶
func KubeControllers( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, logStorageExists bool, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, managerInternalSecret *v1.Secret, elasticsearchSecret *v1.Secret, kibanaSecret *v1.Secret, authentication *operator.Authentication, esLicenseType ElasticsearchLicenseType, ) *kubeControllersComponent
func OperatorNamespace ¶ added in v1.0.0
func OperatorNamespace() string
func ParseEndpoint ¶
ParseEndpoint parses an endpoint of the form scheme://host:port and returns the components.
func ResolveCSRInitImage ¶ added in v1.14.0
ResolveCsrInitImage resolves the image needed for the CSR init image taking into account the specified ImageSet
func SetTestLogger ¶
Types ¶
type AmazonCredential ¶ added in v1.8.0
func ConvertSecretToCredential ¶ added in v1.8.0
func ConvertSecretToCredential(s *corev1.Secret) (*AmazonCredential, error)
type Annotatable ¶ added in v1.2.0
func ElasticsearchDecorateAnnotations ¶ added in v1.2.0
func ElasticsearchDecorateAnnotations(obj Annotatable, config *ElasticsearchClusterConfig, secrets []*corev1.Secret) Annotatable
type Component ¶
type Component interface { // ResolveImages should call components.GetReference for all images that the Component // needs, passing 'is' to the GetReference call and if there are any errors those // are returned. It is valid to pass nil for 'is' as GetReference accepts the value. // ResolveImages must be called before Objects is called for the component. ResolveImages(is *operator.ImageSet) error // Objects returns the lists of objects in this component that should be created and/or deleted during // rendering. Objects() (objsToCreate, objsToDelete []client.Object) // Ready returns true if the component is ready to be created. Ready() bool // SupportedOSTypes returns operating systems that is supported of the components returned by the Objects() function. // The "componentHandler" converts the returned OSTypes to a node selectors for the "kubernetes.io/os" label on client.Objects // that create pods. Return OSTypeAny means that no node selector should be set for the "kubernetes.io/os" label. SupportedOSType() OSType }
func APIServer ¶
func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, aci *operator.AmazonCloudIntegration, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, tunnelCASecret *corev1.Secret, clusterDomain string) (Component, error)
func AWSSecurityGroupSetup ¶ added in v1.0.0
func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)
func AmazonCloudIntegration ¶ added in v1.8.0
func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, cred *AmazonCredential, ps []*corev1.Secret, openshift bool) (Component, error)
func Compliance ¶
func Compliance( esSecrets []*corev1.Secret, managerInternalTLSSecret *corev1.Secret, installation *operatorv1.InstallationSpec, complianceServerCertSecret *corev1.Secret, esClusterConfig *ElasticsearchClusterConfig, pullSecrets []*corev1.Secret, openshift bool, managementCluster *operatorv1.ManagementCluster, managementClusterConnection *operatorv1.ManagementClusterConnection, dexCfg DexKeyValidatorConfig, clusterDomain string, ) (Component, error)
func ConfigMaps ¶ added in v1.0.0
func Fluentd ¶ added in v1.0.0
func Fluentd( lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, esClusterConfig *ElasticsearchClusterConfig, s3C *S3Credential, spC *SplunkCredential, f *FluentdFilters, eksConfig *EksCloudwatchLogConfig, pullSecrets []*corev1.Secret, installation *operatorv1.InstallationSpec, clusterDomain string, osType OSType, ) Component
func Guardian ¶ added in v1.2.0
func Guardian( url string, pullSecrets []*corev1.Secret, openshift bool, installation *operatorv1.InstallationSpec, tunnelSecret *corev1.Secret, ) Component
func IntrusionDetection ¶
func IntrusionDetection( lc *operator.LogCollector, esSecrets []*corev1.Secret, kibanaCertSecret *corev1.Secret, installation *operator.InstallationSpec, esClusterConfig *ElasticsearchClusterConfig, pullSecrets []*corev1.Secret, openshift bool, clusterDomain string, esLicenseType ElasticsearchLicenseType, ) Component
func LogStorage ¶ added in v1.4.0
func LogStorage( logStorage *operatorv1.LogStorage, installation *operatorv1.InstallationSpec, managementCluster *operatorv1.ManagementCluster, managementClusterConnection *operatorv1.ManagementClusterConnection, elasticsearch *esv1.Elasticsearch, kibana *kbv1.Kibana, clusterConfig *ElasticsearchClusterConfig, elasticsearchSecrets []*corev1.Secret, kibanaSecrets []*corev1.Secret, pullSecrets []*corev1.Secret, provider operatorv1.Provider, curatorSecrets []*corev1.Secret, esService *corev1.Service, kbService *corev1.Service, clusterDomain string, applyTrial bool, dexCfg DexRelyingPartyConfig, elasticLicenseType ElasticsearchLicenseType) Component
Elasticsearch renders the
func Manager ¶ added in v1.0.0
func Manager( dexCfg DexKeyValidatorConfig, esSecrets []*corev1.Secret, kibanaSecrets []*corev1.Secret, complianceServerCertSecret *corev1.Secret, esClusterConfig *ElasticsearchClusterConfig, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, tunnelSecret *corev1.Secret, internalTrafficSecret *corev1.Secret, clusterDomain string, esLicenseType ElasticsearchLicenseType, ) (Component, error)
func Namespaces ¶
func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component
func Node ¶
func Node( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, bt map[string]string, tnTLS *TyphaNodeTLS, aci *operator.AmazonCloudIntegration, migrate bool, nodeAppArmorProfile string, clusterDomain string, nodeReporterMetricsPort int, ) Component
Node creates the node daemonset and other resources for the daemonset to operate normally.
func PriorityClassDefinitions ¶
func PriorityClassDefinitions() Component
func Typha ¶ added in v1.0.0
func Typha( k8sServiceEp k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, tnTLS *TyphaNodeTLS, aci *operator.AmazonCloudIntegration, migrationNeeded bool, clusterDomain string, ) Component
Typha creates the typha daemonset and other resources for the daemonset to operate normally.
type DexConfig ¶ added in v1.12.0
type DexConfig interface { Connector() map[string]interface{} DexKeyValidatorConfig }
DexConfig is a config for DexIdP itself.
type DexKeyValidatorConfig ¶ added in v1.12.0
type DexKeyValidatorConfig interface { // ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org ManagerURI() string // RequiredEnv returns env that is used to configure pods with dex options. RequiredEnv(prefix string) []corev1.EnvVar // RequiredAnnotations returns annotations that make your the pods get refreshed if any of the config/secrets change. RequiredAnnotations() map[string]string // RequiredSecrets returns secrets that you need to render for dex. RequiredSecrets(namespace string) []*corev1.Secret // RequiredVolumeMounts returns volume mounts that are related to dex. RequiredVolumeMounts() []corev1.VolumeMount // RequiredVolumes returns volumes that are related to dex. RequiredVolumes() []corev1.Volume }
DexKeyValidatorConfig is a config for (backend) servers that validate JWTs issued by Dex.
func NewDexKeyValidatorConfig ¶ added in v1.12.0
func NewDexKeyValidatorConfig( authentication *oprv1.Authentication, tlsSecret *corev1.Secret, clusterDomain string) DexKeyValidatorConfig
type DexRelyingPartyConfig ¶ added in v1.12.0
type DexRelyingPartyConfig interface { // JWKSURI returns the endpoint for public keys JWKSURI() string // TokenURI returns the endpoint for exchanging tokens TokenURI() string // UserInfoURI returns the endpoint for user info. UserInfoURI() string // ClientSecret returns the secret for Dex' auth endpoint ClientSecret() []byte // ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org RequestedScopes() []string // UsernameClaim returns the part of the JWT that represents a unique username. UsernameClaim() string // GroupsClaim returns the part of the JWT that represents the list of user groups. GroupsClaim() string DexKeyValidatorConfig }
DexRelyingPartyConfig is a config for relying parties / applications that use Dex as their IdP.
func NewDexRelyingPartyConfig ¶ added in v1.12.0
func NewDexRelyingPartyConfig( authentication *oprv1.Authentication, tlsSecret *corev1.Secret, dexSecret *corev1.Secret, clusterDomain string) DexRelyingPartyConfig
type EksCloudwatchLogConfig ¶ added in v1.0.0
type ElasticsearchClusterConfig ¶ added in v1.2.0
type ElasticsearchClusterConfig struct {
// contains filtered or unexported fields
}
func NewElasticsearchClusterConfig ¶ added in v1.2.0
func NewElasticsearchClusterConfig(clusterName string, replicas int, shards int, flowShards int) *ElasticsearchClusterConfig
func NewElasticsearchClusterConfigFromConfigMap ¶ added in v1.2.0
func NewElasticsearchClusterConfigFromConfigMap(configMap *corev1.ConfigMap) (*ElasticsearchClusterConfig, error)
func (ElasticsearchClusterConfig) Annotation ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) Annotation() string
func (ElasticsearchClusterConfig) ClusterName ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) ClusterName() string
func (ElasticsearchClusterConfig) ConfigMap ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) ConfigMap() *corev1.ConfigMap
func (ElasticsearchClusterConfig) FlowShards ¶ added in v1.6.0
func (c ElasticsearchClusterConfig) FlowShards() int
func (ElasticsearchClusterConfig) Replicas ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) Replicas() int
func (ElasticsearchClusterConfig) Shards ¶ added in v1.2.0
func (c ElasticsearchClusterConfig) Shards() int
type ElasticsearchLicenseType ¶ added in v1.14.0
type ElasticsearchLicenseType string
type FluentdFilters ¶ added in v1.0.0
type GuardianComponent ¶ added in v1.2.0
type GuardianComponent struct {
// contains filtered or unexported fields
}
func (*GuardianComponent) Objects ¶ added in v1.2.0
func (c *GuardianComponent) Objects() ([]client.Object, []client.Object)
func (*GuardianComponent) Ready ¶ added in v1.2.0
func (c *GuardianComponent) Ready() bool
func (*GuardianComponent) ResolveImages ¶ added in v1.14.0
func (c *GuardianComponent) ResolveImages(is *operatorv1.ImageSet) error
func (*GuardianComponent) SupportedOSType ¶ added in v1.11.0
func (c *GuardianComponent) SupportedOSType() OSType
type OSType ¶ added in v1.11.0
type OSType string
This type helps ensure that we only use defined os types
type Renderer ¶
type Renderer interface {
Render() []Component
}
A Renderer is capable of generating components to be installed on the cluster.
func Calico ¶
func Calico( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, logStorageExists bool, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, authentication *operator.Authentication, pullSecrets []*corev1.Secret, typhaNodeTLS *TyphaNodeTLS, managerInternalTLSSecret *corev1.Secret, elasticsearchSecret *corev1.Secret, kibanaSecret *corev1.Secret, bt map[string]string, p operator.Provider, aci *operator.AmazonCloudIntegration, up bool, nodeAppArmorProfile string, clusterDomain string, esLicenseType ElasticsearchLicenseType, nodeReporterMetricsPort int, ) (Renderer, error)
type S3Credential ¶ added in v1.0.0
type SplunkCredential ¶ added in v1.4.0
Source Files ¶
- amazoncloudintegration.go
- apiserver.go
- aws-securitygroup-setup.go
- common.go
- compliance.go
- configmap.go
- crypto_utils.go
- csr.go
- dex.go
- dex_config.go
- elasticsearch_decorator.go
- elasticsearchclusterconfig.go
- fluentd.go
- guardian.go
- intrusion_detection.go
- kube-controllers.go
- logstorage.go
- manager.go
- namespaces.go
- node.go
- priority_class.go
- render.go
- secrets.go
- types.go
- typha.go