render

package
v1.14.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 31, 2021 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Overview

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This renderer is responsible for all resources related to a Guardian Deployment in a multicluster setup.

Index

Constants

// Names used by the Amazon cloud integration component.
// NOTE(review): AmazonCloudIntegrationCredentialName presumably names the
// Secret that holds the AWS access key, with the two AmazonCloudCredentialKey*
// constants being the data keys inside it — confirm against
// ConvertSecretToCredential. These are identifiers only; no credential
// material is embedded in this block.
const (
	AmazonCloudIntegrationNamespace      = "tigera-amazon-cloud-integration"
	AmazonCloudIntegrationComponentName  = "tigera-amazon-cloud-integration"
	AmazonCloudIntegrationCredentialName = "amazon-cloud-integration-credentials"
	AmazonCloudCredentialKeyIdName       = "key-id"
	AmazonCloudCredentialKeySecretName   = "key-secret"
)
const (
	APIServerNamespace      = "tigera-system"
	APIServerTLSSecretName  = "tigera-apiserver-certs"
	APIServerSecretKeyName  = "apiserver.key"
	APIServerSecretCertName = "apiserver.crt"
	APIServiceName          = "tigera-api"
)
const (
	Optional = true
	// DefaultCertificateDuration evaluates to 100 * 365 * 24 hours, i.e. 100
	// years of 365 days.
	// NOTE(review): if this is the validity passed when issuing
	// operator-managed certificates (confirm at the call sites), those
	// certificates effectively never expire. A leaked private key then cannot
	// be contained by waiting for expiry; it requires replacing the secret
	// and, where applicable, the issuing CA.
	DefaultCertificateDuration = 100 * 365 * 24 * time.Hour

	// Defined values of OSType.
	OSTypeAny     OSType = "any"
	OSTypeLinux   OSType = "linux"
	OSTypeWindows OSType = "windows"

	// The name prefix used for the CA issuer, which is used for self-signed
	// certificates issued for operator-managed certificates.
	// NOTE: Do not change this field since we use this value to identify
	// certificates managed by this operator.
	TigeraOperatorCAIssuerPrefix = "tigera-operator-signer"
)
const (
	ComplianceNamespace       = "tigera-compliance"
	ComplianceServiceName     = "compliance"
	ComplianceServerName      = "compliance-server"
	ComplianceControllerName  = "compliance-controller"
	ComplianceSnapshotterName = "compliance-snapshotter"
)
const (
	ElasticsearchComplianceBenchmarkerUserSecret = "tigera-ee-compliance-benchmarker-elasticsearch-access"
	ElasticsearchComplianceControllerUserSecret  = "tigera-ee-compliance-controller-elasticsearch-access"
	ElasticsearchComplianceReporterUserSecret    = "tigera-ee-compliance-reporter-elasticsearch-access"
	ElasticsearchComplianceSnapshotterUserSecret = "tigera-ee-compliance-snapshotter-elasticsearch-access"
	ElasticsearchComplianceServerUserSecret      = "tigera-ee-compliance-server-elasticsearch-access"
	ElasticsearchCuratorUserSecret               = "tigera-ee-curator-elasticsearch-access"

	ComplianceServerCertSecret = "tigera-compliance-server-tls"
	ComplianceServerCertName   = "tls.crt"
	ComplianceServerKeyName    = "tls.key"
)
// Voltron related constants.
const (
	VoltronDnsName     = "voltron"
	// VoltronKeySizeBits is a key length in bits.
	// NOTE(review): presumably the RSA modulus size used when generating
	// Voltron key material — confirm at the call site. 2048 bits is the
	// commonly accepted minimum for RSA, so check the certificate validity
	// period that is used together with it.
	VoltronKeySizeBits = 2048
)

Voltron related constants.

const (
	CSRClusterRoleName   = "tigera-csr-creator"
	CSRInitContainerName = "key-cert-provisioner"
)
const (
	// Manifest object variables
	DexNamespace     = "tigera-dex"
	DexObjectName    = "tigera-dex"
	DexPort          = 5556
	DexTLSSecretName = "tigera-dex-tls"

	// Constants related to Dex configurations
	DexClientId = "tigera-manager"
)
const (
	ClientSecretSecretField = "clientSecret"

	RootCASecretField   = "rootCA"
	OIDCSecretName      = "tigera-oidc-credentials"
	OpenshiftSecretName = "tigera-openshift-credentials"

	ClientIDSecretField = "clientID"
)
// Locations and secret names for the Elasticsearch CA certificate.
const (
	// The two directory constants end in "/" because the path constants below
	// are built by plain string concatenation, not by a path-joining helper.
	ElasticsearchDefaultCertDir         = "/etc/ssl/elastic/"
	ElasticsearchDefaultCertDirWindows  = "c:/etc/ssl/elastic/"
	ElasticsearchDefaultCertPath        = ElasticsearchDefaultCertDir + "ca.pem"
	ElasticsearchDefaultCertPathWindows = ElasticsearchDefaultCertDirWindows + "ca.pem"
	// NOTE(review): the names suggest the first secret holds the full
	// Elasticsearch certificate and the second only the public part — confirm
	// which one a component should mount before granting it access.
	TigeraElasticsearchCertSecret       = "tigera-secure-elasticsearch-cert"
	ElasticsearchPublicCertSecret       = "tigera-secure-es-http-certs-public"
)
const (
	LogCollectorNamespace      = "tigera-fluentd"
	FluentdFilterConfigMapName = "fluentd-filters"
	FluentdFilterFlowName      = "flow"
	FluentdFilterDNSName       = "dns"
	S3FluentdSecretName        = "log-collector-s3-credentials"
	S3KeyIdName                = "key-id"
	S3KeySecretName            = "key-secret"

	ElasticsearchLogCollectorUserSecret    = "tigera-fluentd-elasticsearch-access"
	ElasticsearchEksLogForwarderUserSecret = "tigera-eks-log-forwarder-elasticsearch-access"
	EksLogForwarderSecret                  = "tigera-eks-log-forwarder-secret"
	EksLogForwarderAwsId                   = "aws-id"
	EksLogForwarderAwsKey                  = "aws-key"
	SplunkFluentdTokenSecretName           = "logcollector-splunk-credentials"
	SplunkFluentdSecretTokenKey            = "token"
	SplunkFluentdCertificateSecretName     = "logcollector-splunk-public-certificate"
	SplunkFluentdSecretCertificateKey      = "ca.pem"
	SplunkFluentdSecretsVolName            = "splunk-certificates"
	SplunkFluentdDefaultCertDir            = "/etc/ssl/splunk/"
	SplunkFluentdDefaultCertPath           = SplunkFluentdDefaultCertDir + SplunkFluentdSecretCertificateKey

	ProbeTimeoutSeconds = 5
	ProbePeriodSeconds  = 10
)
const (
	GuardianName                   = "tigera-guardian"
	GuardianNamespace              = GuardianName
	GuardianServiceAccountName     = GuardianName
	GuardianClusterRoleName        = GuardianName
	GuardianClusterRoleBindingName = GuardianName
	GuardianDeploymentName         = GuardianName
	GuardianServiceName            = "tigera-guardian"
	GuardianVolumeName             = "tigera-guardian-certs"
	GuardianSecretName             = "tigera-managed-cluster-connection"
)

The names of the components and rendered objects related to Guardian.

const (
	IntrusionDetectionNamespace = "tigera-intrusion-detection"

	ElasticsearchIntrusionDetectionUserSecret    = "tigera-ee-intrusion-detection-elasticsearch-access"
	ElasticsearchIntrusionDetectionJobUserSecret = "tigera-ee-installer-elasticsearch-access"
	ElasticsearchADJobUserSecret                 = "tigera-ee-ad-job-elasticsearch-access"

	IntrusionDetectionInstallerJobName = "intrusion-detection-es-job-installer"
)
// Names, defaults and annotation keys for the ECK operator, Elasticsearch and
// Kibana objects.
const (
	ECKOperatorName         = "elastic-operator"
	ECKOperatorNamespace    = "tigera-eck-operator"
	ECKEnterpriseTrial      = "eck-trial-license"
	ECKLicenseConfigMapName = "elastic-licensing"

	ElasticsearchNamespace = "tigera-elasticsearch"

	ElasticsearchName                     = "tigera-secure"
	ElasticsearchConfigMapName            = "tigera-secure-elasticsearch"
	ElasticsearchServiceName              = "tigera-secure-es-http"
	ElasticsearchSecureSettingsSecretName = "tigera-elasticsearch-secure-settings"
	ElasticsearchOperatorUserSecret       = "tigera-ee-operator-elasticsearch-access"

	// KibanaHTTPURL is a format string with a single %s verb.
	// NOTE(review): presumably filled with the cluster domain — confirm at the call site.
	KibanaHTTPURL = "tigera-secure-kb-http.tigera-kibana.svc.%s"

	KibanaName             = "tigera-secure"
	KibanaNamespace        = "tigera-kibana"
	KibanaPublicCertSecret = "tigera-secure-kb-http-certs-public"
	TigeraKibanaCertSecret = "tigera-secure-kibana-cert"
	KibanaDefaultCertPath  = "/etc/ssl/kibana/ca.pem"
	KibanaBasePath         = "tigera-kibana"
	KibanaServiceName      = "tigera-secure-kb-http"

	DefaultElasticsearchClusterName = "cluster"
	DefaultElasticsearchReplicas    = 0
	DefaultElasticStorageGi         = 10

	LogStorageFinalizer = "tigera.io/eck-cleanup"

	EsCuratorName           = "elastic-curator"
	EsCuratorServiceAccount = "tigera-elastic-curator"

	OIDCUsersConfigMapName = "tigera-known-oidc-users"
	// NOTE(review): "Secrete" is a misspelling of "Secret". The identifier is
	// exported, so renaming it would break importers.
	OIDCUsersEsSecreteName = "tigera-oidc-users-elasticsearch-credentials"

	// Defined values of ElasticsearchLicenseType; the empty string is the
	// "unknown" value.
	ElasticsearchLicenseTypeBasic           ElasticsearchLicenseType = "basic"
	ElasticsearchLicenseTypeEnterprise      ElasticsearchLicenseType = "enterprise"
	ElasticsearchLicenseTypeEnterpriseTrial ElasticsearchLicenseType = "enterprise_trial"
	ElasticsearchLicenseTypeUnknown         ElasticsearchLicenseType = ""

	EsManagerRole               = "es-manager"
	EsManagerRoleBinding        = "es-manager"
	EsKubeControllerRole        = "es-calico-kube-controllers"
	EsKubeControllerRoleBinding = "es-calico-kube-controllers"

	// NOTE(review): this package also exports KibanaTLSHashAnnotation with a
	// different value ("hash.operator.tigera.io/kibana-secrets"). The two
	// names are easy to confuse, so check which annotation key a caller
	// actually needs.
	KibanaTLSAnnotationHash        = "hash.operator.tigera.io/kb-secrets"
	ElasticsearchTLSHashAnnotation = "hash.operator.tigera.io/es-secrets"
)
// Names, secret fields and annotation keys for the Manager component.
const (
	ManagerServiceName               = "tigera-manager"
	ManagerNamespace                 = "tigera-manager"
	// ManagerServiceDNS is a format string with a single %s verb.
	// NOTE(review): presumably filled with the cluster domain — confirm at the call site.
	ManagerServiceDNS                = "tigera-manager.tigera-manager.svc.%s"
	// NOTE(review): despite the name, the value is a hostname rather than an
	// IP literal.
	ManagerServiceIP                 = "localhost"
	ManagerServiceAccount            = "tigera-manager"
	ManagerClusterRole               = "tigera-manager-role"
	ManagerClusterRoleBinding        = "tigera-manager-binding"
	// The external and internal TLS secrets below use the same data field
	// names ("key" and "cert") but different secret names.
	ManagerTLSSecretName             = "manager-tls"
	ManagerSecretKeyName             = "key"
	ManagerSecretCertName            = "cert"
	ManagerInternalTLSSecretName     = "internal-manager-tls"
	ManagerInternalTLSSecretCertName = "internal-manager-tls-cert"
	ManagerInternalSecretKeyName     = "key"
	ManagerInternalSecretCertName    = "cert"
	ManagerOIDCConfig                = "tigera-manager-oidc-config"

	ElasticsearchManagerUserSecret = "tigera-ee-manager-elasticsearch-access"

	ManagerInternalTLSHashAnnotation = "hash.operator.tigera.io/internal-tls-secret"

	// NOTE(review): this package also exports KibanaTLSAnnotationHash with a
	// different value ("hash.operator.tigera.io/kb-secrets"). The two names
	// are easy to confuse, so check which annotation key a caller actually
	// needs.
	KibanaTLSHashAnnotation = "hash.operator.tigera.io/kibana-secrets"
)
const (
	VoltronName                 = "tigera-voltron"
	VoltronTunnelSecretName     = "tigera-management-cluster-connection"
	VoltronTunnelSecretCertName = "cert"
	VoltronTunnelSecretKeyName  = "key"
)

ManagementClusterConnection configuration constants

const (
	BirdTemplatesConfigMapName = "bird-templates"

	CSRLabelCalicoSystem = "calico-system"
)
const (
	TyphaServiceName              = "calico-typha"
	TyphaPortName                 = "calico-typha"
	TyphaK8sAppName               = "calico-typha"
	TyphaServiceAccountName       = "calico-typha"
	AppLabelName                  = "k8s-app"
	TyphaPort               int32 = 5473
)
const (
	PriorityClassName = "calico-priority"
)
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"

Variables

// Names used for the Typha and node TLS material.
// NOTE(review): these are declared with var rather than const, so any code
// that imports the package can reassign them at runtime. Several of them look
// like the names of TLS secrets and of the fields inside them; treat them as
// read-only and confirm that nothing mutates them.
var (
	TyphaCAConfigMapName = "typha-ca"
	TyphaCABundleName    = "caBundle"
	TyphaTLSSecretName   = "typha-certs"
	NodeTLSSecretName    = "node-certs"
	TLSSecretCertName    = "cert.crt"
	TLSSecretKeyName     = "key.key"
	CommonName           = "common-name"
	URISAN               = "uri-san"
	// NOTE(review): the Typha name is "typha-server" while the Felix name is
	// "typha-client"; presumably these are the certificate common names each
	// side expects from its peer — confirm before changing either.
	TyphaCommonName      = "typha-server"
	FelixCommonName      = "typha-client"
)

Functions

func AnnotationHash added in v1.0.0

func AnnotationHash(i interface{}) string

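AnnotationHash generates a hash that can be included in a Deployment or DaemonSet to trigger a restart/rolling update when a ConfigMap or Secret is updated. Because the hash is stored on the workload object, it is readable by anyone who can read that object, even when the hashed input is a Secret.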

func Bool added in v1.10.1

func Bool(b bool) *bool

func CopySecrets added in v1.4.0

func CopySecrets(ns string, oSecrets ...*v1.Secret) []*v1.Secret

func CreateCSRInitContainer added in v1.14.0

func CreateCSRInitContainer(
	installation *operator.InstallationSpec,
	image string,
	mountName string,
	commonName string,
	keyName string,
	certName string,
	dnsNames []string,
	appNameLabel string) corev1.Container

CreateCSRInitContainer creates an init container that can be added to a pod spec in order to create a CSR for its TLS certificates. It uses the provided params and the k8s downward api to be able to specify certificate subject information.

func CreateDexClientSecret added in v1.12.0

func CreateDexClientSecret() *corev1.Secret

func CreateDexTLSSecret added in v1.12.0

func CreateDexTLSSecret(dexCommonName string) *corev1.Secret

func CreateOperatorTLSSecret added in v1.4.0

func CreateOperatorTLSSecret(
	ca *crypto.CA,
	secretName string,
	secretKeyName string,
	secretCertName string,
	dur time.Duration,
	cef []crypto.CertificateExtensionFunc,
	hostnames ...string,
) (*v1.Secret, error)

CreateOperatorTLSSecret creates a new TLS secret from the information passed.

ca: The ca to use for creating the Cert/Key pair. If nil then a
    self-signed CA will be created
secretName: The name of the secret.
secretKeyName: The name of the data field that will contain the key.
secretCertName: The name of the data field that will contain the cert.
dur: How long the certificate will be valid.
hostnames: The first will be used as the CN, and the rest as SANs. If
  no hostnames are provided then "localhost" will be used.

func ElasticsearchContainerDecorate added in v1.0.0

func ElasticsearchContainerDecorate(c corev1.Container, cluster, secret, clusterDomain string, osType OSType) corev1.Container

func ElasticsearchContainerDecorateENVVars added in v1.0.0

func ElasticsearchContainerDecorateENVVars(c corev1.Container, cluster, esUserSecretName, clusterDomain string, osType OSType) corev1.Container

func ElasticsearchContainerDecorateIndexCreator added in v1.0.2

func ElasticsearchContainerDecorateIndexCreator(c corev1.Container, replicas, shards int) corev1.Container

func ElasticsearchContainerDecorateVolumeMounts added in v1.0.0

func ElasticsearchContainerDecorateVolumeMounts(c corev1.Container, osType OSType) corev1.Container

func ElasticsearchDefaultVolume added in v1.0.0

func ElasticsearchDefaultVolume() corev1.Volume

func ElasticsearchDefaultVolumeMount added in v1.0.0

func ElasticsearchDefaultVolumeMount(osType OSType) corev1.VolumeMount

func ElasticsearchHTTPSEndpoint added in v1.0.0

func ElasticsearchHTTPSEndpoint(osType OSType, clusterDomain string) string

func ElasticsearchPodSpecDecorate added in v1.0.0

func ElasticsearchPodSpecDecorate(p corev1.PodSpec) corev1.PodSpec

func GetIPv4Pool added in v1.2.0

func GetIPv4Pool(pools []operator.IPPool) *operator.IPPool

GetIPv4Pool returns the IPv4 IPPool in an installation, or nil if one can't be found.

func GetIPv6Pool added in v1.2.0

func GetIPv6Pool(pools []operator.IPPool) *operator.IPPool

GetIPv6Pool returns the IPv6 IPPool in an installation, or nil if one can't be found.

func GetResourceRequirements added in v1.7.0

GetResourceRequirements retrieves the component's ResourceRequirements from the installation. If they don't exist, it returns an empty ResourceRequirements struct.

func GetTigeraSecurityGroupEnvVariables added in v1.8.0

func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar

func Int64 added in v1.10.1

func Int64(i int64) *int64

func KibanaHTTPSEndpoint added in v1.0.0

func KibanaHTTPSEndpoint(osType OSType, clusterDomain string) string

func KubeControllers

func KubeControllers(
	k8sServiceEp k8sapi.ServiceEndpoint,
	cr *operator.InstallationSpec,
	logStorageExists bool,
	managementCluster *operator.ManagementCluster,
	managementClusterConnection *operator.ManagementClusterConnection,
	managerInternalSecret *v1.Secret,
	elasticsearchSecret *v1.Secret,
	kibanaSecret *v1.Secret,
	authentication *operator.Authentication,
	esLicenseType ElasticsearchLicenseType,
) *kubeControllersComponent

func OperatorNamespace added in v1.0.0

func OperatorNamespace() string

func ParseEndpoint

func ParseEndpoint(endpoint string) (string, string, string, error)

ParseEndpoint parses an endpoint of the form scheme://host:port and returns the components.

func ParseHostPort added in v1.0.0

func ParseHostPort(hostport string) (string, string, error)

func ResolveCSRInitImage added in v1.14.0

func ResolveCSRInitImage(inst *operator.InstallationSpec, is *operator.ImageSet) (string, error)

ResolveCSRInitImage resolves the image needed for the CSR init container, taking into account the specified ImageSet.

func SetTestLogger

func SetTestLogger(l logr.Logger)

Types

type AmazonCredential added in v1.8.0

// AmazonCredential carries a key id and a key secret as raw bytes.
// NOTE(review): presumably the AWS access key pair that
// ConvertSecretToCredential extracts from a Secret — confirm. Values of this
// type hold credential material in memory; avoid printing them (for example
// with %v or %+v) in logs or error messages.
type AmazonCredential struct {
	KeyId     []byte
	KeySecret []byte
}

func ConvertSecretToCredential added in v1.8.0

func ConvertSecretToCredential(s *corev1.Secret) (*AmazonCredential, error)

type Annotatable added in v1.2.0

type Annotatable interface {
	SetAnnotations(map[string]string)
	GetAnnotations() map[string]string
}

func ElasticsearchDecorateAnnotations added in v1.2.0

func ElasticsearchDecorateAnnotations(obj Annotatable, config *ElasticsearchClusterConfig, secrets []*corev1.Secret) Annotatable

type Component

// Component is a unit of rendering: it resolves the images it needs and
// returns the objects to create and delete.
type Component interface {
	// ResolveImages should call components.GetReference for all images that the Component
	// needs, passing 'is' to the GetReference call and if there are any errors those
	// are returned. It is valid to pass nil for 'is' as GetReference accepts the value.
	// ResolveImages must be called before Objects is called for the component.
	ResolveImages(is *operator.ImageSet) error

	// Objects returns the lists of objects in this component that should be created and/or deleted during
	// rendering.
	Objects() (objsToCreate, objsToDelete []client.Object)

	// Ready returns true if the component is ready to be created.
	Ready() bool

	// SupportedOSType returns the operating system supported by the objects returned by the Objects() function.
	// The "componentHandler" converts the returned OSType to a node selector for the "kubernetes.io/os" label on client.Objects
	// that create pods. Returning OSTypeAny means that no node selector should be set for the "kubernetes.io/os" label.
	SupportedOSType() OSType
}

func APIServer

func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, aci *operator.AmazonCloudIntegration, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, tunnelCASecret *corev1.Secret, clusterDomain string) (Component, error)

func AWSSecurityGroupSetup added in v1.0.0

func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)

func AmazonCloudIntegration added in v1.8.0

func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, cred *AmazonCredential, ps []*corev1.Secret, openshift bool) (Component, error)

func Compliance

func Compliance(
	esSecrets []*corev1.Secret,
	managerInternalTLSSecret *corev1.Secret,
	installation *operatorv1.InstallationSpec,
	complianceServerCertSecret *corev1.Secret,
	esClusterConfig *ElasticsearchClusterConfig,
	pullSecrets []*corev1.Secret,
	openshift bool,
	managementCluster *operatorv1.ManagementCluster,
	managementClusterConnection *operatorv1.ManagementClusterConnection,
	dexCfg DexKeyValidatorConfig,
	clusterDomain string,
) (Component, error)

func ConfigMaps added in v1.0.0

func ConfigMaps(cms []*corev1.ConfigMap) Component

func Dex added in v1.12.0

func Dex(
	pullSecrets []*corev1.Secret,
	openshift bool,
	installation *oprv1.InstallationSpec,
	dexConfig DexConfig,
) Component

func Fluentd added in v1.0.0

func Fluentd(
	lc *operatorv1.LogCollector,
	esSecrets []*corev1.Secret,
	esClusterConfig *ElasticsearchClusterConfig,
	s3C *S3Credential,
	spC *SplunkCredential,
	f *FluentdFilters,
	eksConfig *EksCloudwatchLogConfig,
	pullSecrets []*corev1.Secret,
	installation *operatorv1.InstallationSpec,
	clusterDomain string,
	osType OSType,
) Component

func Guardian added in v1.2.0

func Guardian(
	url string,
	pullSecrets []*corev1.Secret,
	openshift bool,
	installation *operatorv1.InstallationSpec,
	tunnelSecret *corev1.Secret,
) Component

func IntrusionDetection

func IntrusionDetection(
	lc *operator.LogCollector,
	esSecrets []*corev1.Secret,
	kibanaCertSecret *corev1.Secret,
	installation *operator.InstallationSpec,
	esClusterConfig *ElasticsearchClusterConfig,
	pullSecrets []*corev1.Secret,
	openshift bool,
	clusterDomain string,
	esLicenseType ElasticsearchLicenseType,
) Component

func LogStorage added in v1.4.0

func LogStorage(
	logStorage *operatorv1.LogStorage,
	installation *operatorv1.InstallationSpec,
	managementCluster *operatorv1.ManagementCluster,
	managementClusterConnection *operatorv1.ManagementClusterConnection,
	elasticsearch *esv1.Elasticsearch,
	kibana *kbv1.Kibana,
	clusterConfig *ElasticsearchClusterConfig,
	elasticsearchSecrets []*corev1.Secret,
	kibanaSecrets []*corev1.Secret,
	pullSecrets []*corev1.Secret,
	provider operatorv1.Provider,
	curatorSecrets []*corev1.Secret,
	esService *corev1.Service,
	kbService *corev1.Service,
	clusterDomain string,
	applyTrial bool,
	dexCfg DexRelyingPartyConfig,
	elasticLicenseType ElasticsearchLicenseType) Component

Elasticsearch renders the

func Manager added in v1.0.0

func Manager(
	dexCfg DexKeyValidatorConfig,
	esSecrets []*corev1.Secret,
	kibanaSecrets []*corev1.Secret,
	complianceServerCertSecret *corev1.Secret,
	esClusterConfig *ElasticsearchClusterConfig,
	tlsKeyPair *corev1.Secret,
	pullSecrets []*corev1.Secret,
	openshift bool,
	installation *operator.InstallationSpec,
	managementCluster *operator.ManagementCluster,
	tunnelSecret *corev1.Secret,
	internalTrafficSecret *corev1.Secret,
	clusterDomain string,
	esLicenseType ElasticsearchLicenseType,
) (Component, error)

func Namespaces

func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component

func Node

func Node(
	k8sServiceEp k8sapi.ServiceEndpoint,
	cr *operator.InstallationSpec,
	bt map[string]string,
	tnTLS *TyphaNodeTLS,
	aci *operator.AmazonCloudIntegration,
	migrate bool,
	nodeAppArmorProfile string,
	clusterDomain string,
	nodeReporterMetricsPort int,
) Component

Node creates the node daemonset and other resources for the daemonset to operate normally.

func PriorityClassDefinitions

func PriorityClassDefinitions() Component

func Secrets added in v1.0.0

func Secrets(secrets []*corev1.Secret) Component

func Typha added in v1.0.0

func Typha(
	k8sServiceEp k8sapi.ServiceEndpoint,
	installation *operator.InstallationSpec,
	tnTLS *TyphaNodeTLS,
	aci *operator.AmazonCloudIntegration,
	migrationNeeded bool,
	clusterDomain string,
) Component

Typha creates the typha daemonset and other resources for the daemonset to operate normally.

type DexConfig added in v1.12.0

type DexConfig interface {
	Connector() map[string]interface{}
	DexKeyValidatorConfig
}

DexConfig is a config for DexIdP itself.

func NewDexConfig added in v1.12.0

func NewDexConfig(
	authentication *oprv1.Authentication,
	tlsSecret *corev1.Secret,
	dexSecret *corev1.Secret,
	idpSecret *corev1.Secret,
	clusterDomain string) DexConfig

Create a new DexConfig.

type DexKeyValidatorConfig added in v1.12.0

// DexKeyValidatorConfig is a config for (backend) servers that validate JWTs issued by Dex.
type DexKeyValidatorConfig interface {
	// ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org
	ManagerURI() string
	// RequiredEnv returns env that is used to configure pods with dex options.
	RequiredEnv(prefix string) []corev1.EnvVar
	// RequiredAnnotations returns annotations that make sure the pods get refreshed if any of the config/secrets change.
	RequiredAnnotations() map[string]string
	// RequiredSecrets returns secrets that you need to render for dex.
	RequiredSecrets(namespace string) []*corev1.Secret
	// RequiredVolumeMounts returns volume mounts that are related to dex.
	RequiredVolumeMounts() []corev1.VolumeMount
	// RequiredVolumes returns volumes that are related to dex.
	RequiredVolumes() []corev1.Volume
}

DexKeyValidatorConfig is a config for (backend) servers that validate JWTs issued by Dex.

func NewDexKeyValidatorConfig added in v1.12.0

func NewDexKeyValidatorConfig(
	authentication *oprv1.Authentication,
	tlsSecret *corev1.Secret,
	clusterDomain string) DexKeyValidatorConfig

type DexRelyingPartyConfig added in v1.12.0

// DexRelyingPartyConfig is a config for relying parties / applications that use Dex as their IdP.
type DexRelyingPartyConfig interface {
	// JWKSURI returns the endpoint for public keys
	JWKSURI() string
	// TokenURI returns the endpoint for exchanging tokens
	TokenURI() string
	// UserInfoURI returns the endpoint for user info.
	UserInfoURI() string
	// ClientSecret returns the secret for Dex' auth endpoint. The returned
	// bytes are credential material; callers should keep them out of logs and
	// error messages.
	ClientSecret() []byte
	// RequestedScopes returns scopes as a list of strings.
	// NOTE(review): presumably the OIDC scopes requested during
	// authentication — confirm against the implementation.
	RequestedScopes() []string
	// UsernameClaim returns the part of the JWT that represents a unique username.
	UsernameClaim() string
	// DexKeyValidatorConfig is embedded, so its methods are part of this
	// interface as well.
	DexKeyValidatorConfig
}

DexRelyingPartyConfig is a config for relying parties / applications that use Dex as their IdP.

func NewDexRelyingPartyConfig added in v1.12.0

func NewDexRelyingPartyConfig(
	authentication *oprv1.Authentication,
	tlsSecret *corev1.Secret,
	dexSecret *corev1.Secret,
	clusterDomain string) DexRelyingPartyConfig

type EksCloudwatchLogConfig added in v1.0.0

// EksCloudwatchLogConfig groups the settings passed to Fluentd for EKS
// CloudWatch logs.
// NOTE(review): AwsId and AwsKey are raw bytes and presumably an AWS access
// key pair — confirm. Because credentials sit next to plain configuration
// fields, printing the whole struct (for example with %+v) would expose them.
type EksCloudwatchLogConfig struct {
	AwsId         []byte
	AwsKey        []byte
	AwsRegion     string
	GroupName     string
	StreamPrefix  string
	FetchInterval int32
}

type ElasticsearchClusterConfig added in v1.2.0

type ElasticsearchClusterConfig struct {
	// contains filtered or unexported fields
}

func NewElasticsearchClusterConfig added in v1.2.0

func NewElasticsearchClusterConfig(clusterName string, replicas int, shards int, flowShards int) *ElasticsearchClusterConfig

func NewElasticsearchClusterConfigFromConfigMap added in v1.2.0

func NewElasticsearchClusterConfigFromConfigMap(configMap *corev1.ConfigMap) (*ElasticsearchClusterConfig, error)

func (ElasticsearchClusterConfig) Annotation added in v1.2.0

func (c ElasticsearchClusterConfig) Annotation() string

func (ElasticsearchClusterConfig) ClusterName added in v1.2.0

func (c ElasticsearchClusterConfig) ClusterName() string

func (ElasticsearchClusterConfig) ConfigMap added in v1.2.0

func (ElasticsearchClusterConfig) FlowShards added in v1.6.0

func (c ElasticsearchClusterConfig) FlowShards() int

func (ElasticsearchClusterConfig) Replicas added in v1.2.0

func (c ElasticsearchClusterConfig) Replicas() int

func (ElasticsearchClusterConfig) Shards added in v1.2.0

func (c ElasticsearchClusterConfig) Shards() int

type ElasticsearchLicenseType added in v1.14.0

type ElasticsearchLicenseType string

type FluentdFilters added in v1.0.0

type FluentdFilters struct {
	Flow string
	DNS  string
}

type GuardianComponent added in v1.2.0

type GuardianComponent struct {
	// contains filtered or unexported fields
}

func (*GuardianComponent) Objects added in v1.2.0

func (c *GuardianComponent) Objects() ([]client.Object, []client.Object)

func (*GuardianComponent) Ready added in v1.2.0

func (c *GuardianComponent) Ready() bool

func (*GuardianComponent) ResolveImages added in v1.14.0

func (c *GuardianComponent) ResolveImages(is *operatorv1.ImageSet) error

func (*GuardianComponent) SupportedOSType added in v1.11.0

func (c *GuardianComponent) SupportedOSType() OSType

type OSType added in v1.11.0

type OSType string

This type helps ensure that we only use defined os types

type Renderer

type Renderer interface {
	Render() []Component
}

A Renderer is capable of generating components to be installed on the cluster.

func Calico

func Calico(
	k8sServiceEp k8sapi.ServiceEndpoint,
	cr *operator.InstallationSpec,
	logStorageExists bool,
	managementCluster *operator.ManagementCluster,
	managementClusterConnection *operator.ManagementClusterConnection,
	authentication *operator.Authentication,
	pullSecrets []*corev1.Secret,
	typhaNodeTLS *TyphaNodeTLS,
	managerInternalTLSSecret *corev1.Secret,
	elasticsearchSecret *corev1.Secret,
	kibanaSecret *corev1.Secret,
	bt map[string]string,
	p operator.Provider,
	aci *operator.AmazonCloudIntegration,
	up bool,
	nodeAppArmorProfile string,
	clusterDomain string,
	esLicenseType ElasticsearchLicenseType,
	nodeReporterMetricsPort int,
) (Renderer, error)

type S3Credential added in v1.0.0

// S3Credential carries a key id and a key secret as raw bytes.
// NOTE(review): presumably the access key pair used for S3 log storage —
// confirm. Values of this type hold credential material in memory; avoid
// printing them (for example with %v or %+v) in logs or error messages.
type S3Credential struct {
	KeyId     []byte
	KeySecret []byte
}

type SplunkCredential added in v1.4.0

// SplunkCredential carries a token and a certificate as raw bytes.
// NOTE(review): Token is presumably a Splunk authentication token and
// Certificate a CA certificate for the Splunk endpoint — confirm. Token is
// credential material; avoid printing values of this type (for example with
// %v or %+v) in logs or error messages.
type SplunkCredential struct {
	Token       []byte
	Certificate []byte
}

type TyphaNodeTLS added in v1.0.0

// TyphaNodeTLS bundles the objects used for TLS between Typha and the nodes:
// a CA ConfigMap and one Secret each for Typha and for the node.
// NOTE(review): the two Secrets presumably contain private keys — confirm —
// so values of this type should not be logged in full.
type TyphaNodeTLS struct {
	CAConfigMap *corev1.ConfigMap
	TyphaSecret *corev1.Secret
	NodeSecret  *corev1.Secret
}
