Documentation
¶
Overview ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This renderer is responsible for all resources related to a Guardian Deployment in a multicluster setup.
Index ¶
- Constants
- Variables
- func CreateCSRInitContainer(installation *operator.InstallationSpec, image string, mountName string, ...) corev1.Container
- func CreateDexClientSecret() *corev1.Secret
- func CreateDexTLSSecret(dexCommonName string) *corev1.Secret
- func GetIPv4Pool(pools []operator.IPPool) *operator.IPPool
- func GetIPv6Pool(pools []operator.IPPool) *operator.IPPool
- func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar
- func KubeControllers(k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, ...) *kubeControllersComponent
- func ResolveCSRInitImage(inst *operator.InstallationSpec, is *operator.ImageSet) (string, error)
- func SetTestLogger(l logr.Logger)
- type AmazonCredential
- type Component
- func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, ...) (Component, error)
- func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)
- func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, ...) (Component, error)
- func Compliance(esSecrets []*corev1.Secret, managerInternalTLSSecret *corev1.Secret, ...) (Component, error)
- func ConfigMaps(cms []*corev1.ConfigMap) Component
- func Dex(pullSecrets []*corev1.Secret, openshift bool, ...) Component
- func Fluentd(lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, ...) Component
- func Guardian(url string, pullSecrets []*corev1.Secret, openshift bool, ...) Component
- func IntrusionDetection(lc *operator.LogCollector, esSecrets []*corev1.Secret, ...) Component
- func LogStorage(logStorage *operatorv1.LogStorage, installation *operatorv1.InstallationSpec, ...) Component
- func Manager(dexCfg DexKeyValidatorConfig, esSecrets []*corev1.Secret, ...) (Component, error)
- func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component
- func Node(k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, ...) Component
- func PriorityClassDefinitions() Component
- func Secrets(secrets []*corev1.Secret) Component
- func Typha(k8sServiceEp k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, ...) Component
- type DexConfig
- type DexKeyValidatorConfig
- type DexRelyingPartyConfig
- type EksCloudwatchLogConfig
- type ElasticsearchLicenseType
- type FluentdFilters
- type GuardianComponent
- type Renderer
- type S3Credential
- type SplunkCredential
- type TyphaNodeTLS
Constants ¶
View Source
const ( AmazonCloudIntegrationNamespace = "tigera-amazon-cloud-integration" AmazonCloudIntegrationComponentName = "tigera-amazon-cloud-integration" AmazonCloudIntegrationCredentialName = "amazon-cloud-integration-credentials" AmazonCloudCredentialKeyIdName = "key-id" AmazonCloudCredentialKeySecretName = "key-secret" )
View Source
const ( APIServerNamespace = "tigera-system" APIServerTLSSecretName = "tigera-apiserver-certs" APIServerSecretKeyName = "apiserver.key" APIServerSecretCertName = "apiserver.crt" APIServiceName = "tigera-api" )
View Source
const ( ComplianceNamespace = "tigera-compliance" ComplianceServiceName = "compliance" ComplianceServerName = "compliance-server" ComplianceControllerName = "compliance-controller" ComplianceSnapshotterName = "compliance-snapshotter" )
View Source
const ( ElasticsearchComplianceBenchmarkerUserSecret = "tigera-ee-compliance-benchmarker-elasticsearch-access" ElasticsearchComplianceControllerUserSecret = "tigera-ee-compliance-controller-elasticsearch-access" ElasticsearchComplianceReporterUserSecret = "tigera-ee-compliance-reporter-elasticsearch-access" ElasticsearchComplianceSnapshotterUserSecret = "tigera-ee-compliance-snapshotter-elasticsearch-access" ElasticsearchComplianceServerUserSecret = "tigera-ee-compliance-server-elasticsearch-access" ElasticsearchCuratorUserSecret = "tigera-ee-curator-elasticsearch-access" ComplianceServerCertSecret = "tigera-compliance-server-tls" ComplianceServerCertName = "tls.crt" ComplianceServerKeyName = "tls.key" )
View Source
const ( VoltronDnsName = "voltron" VoltronKeySizeBits = 2048 )
Voltron related constants.
View Source
const ( CSRClusterRoleName = "tigera-csr-creator" CSRInitContainerName = "key-cert-provisioner" )
View Source
const ( // Manifest object variables DexNamespace = "tigera-dex" DexObjectName = "tigera-dex" DexPort = 5556 DexTLSSecretName = "tigera-dex-tls" // Constants related to Dex configurations DexClientId = "tigera-manager" )
View Source
const ( ClientSecretSecretField = "clientSecret" RootCASecretField = "rootCA" OIDCSecretName = "tigera-oidc-credentials" OpenshiftSecretName = "tigera-openshift-credentials" LDAPSecretName = "tigera-ldap-credentials" ClientIDSecretField = "clientID" BindDNSecretField = "bindDN" BindPWSecretField = "bindPW" )
View Source
const ( LogCollectorNamespace = "tigera-fluentd" FluentdFilterConfigMapName = "fluentd-filters" FluentdFilterFlowName = "flow" FluentdFilterDNSName = "dns" S3FluentdSecretName = "log-collector-s3-credentials" S3KeyIdName = "key-id" S3KeySecretName = "key-secret" ElasticsearchLogCollectorUserSecret = "tigera-fluentd-elasticsearch-access" ElasticsearchEksLogForwarderUserSecret = "tigera-eks-log-forwarder-elasticsearch-access" EksLogForwarderSecret = "tigera-eks-log-forwarder-secret" EksLogForwarderAwsId = "aws-id" EksLogForwarderAwsKey = "aws-key" SplunkFluentdTokenSecretName = "logcollector-splunk-credentials" SplunkFluentdSecretTokenKey = "token" SplunkFluentdCertificateSecretName = "logcollector-splunk-public-certificate" SplunkFluentdSecretCertificateKey = "ca.pem" SplunkFluentdSecretsVolName = "splunk-certificates" SplunkFluentdDefaultCertDir = "/etc/ssl/splunk/" SplunkFluentdDefaultCertPath = SplunkFluentdDefaultCertDir + SplunkFluentdSecretCertificateKey ProbeTimeoutSeconds = 5 ProbePeriodSeconds = 10 )
View Source
const ( GuardianName = "tigera-guardian" GuardianNamespace = GuardianName GuardianServiceAccountName = GuardianName GuardianClusterRoleName = GuardianName GuardianClusterRoleBindingName = GuardianName GuardianDeploymentName = GuardianName GuardianServiceName = "tigera-guardian" GuardianVolumeName = "tigera-guardian-certs" GuardianSecretName = "tigera-managed-cluster-connection" )
The names of the components related to the Guardian related rendered objects.
View Source
const ( IntrusionDetectionNamespace = "tigera-intrusion-detection" ElasticsearchIntrusionDetectionUserSecret = "tigera-ee-intrusion-detection-elasticsearch-access" ElasticsearchIntrusionDetectionJobUserSecret = "tigera-ee-installer-elasticsearch-access" ElasticsearchADJobUserSecret = "tigera-ee-ad-job-elasticsearch-access" IntrusionDetectionInstallerJobName = "intrusion-detection-es-job-installer" )
View Source
const ( ECKOperatorName = "elastic-operator" ECKOperatorNamespace = "tigera-eck-operator" ECKEnterpriseTrial = "eck-trial-license" ECKLicenseConfigMapName = "elastic-licensing" ElasticsearchNamespace = "tigera-elasticsearch" TigeraElasticsearchCertSecret = "tigera-secure-elasticsearch-cert" ElasticsearchName = "tigera-secure" ElasticsearchServiceName = "tigera-secure-es-http" ElasticsearchSecureSettingsSecretName = "tigera-elasticsearch-secure-settings" ElasticsearchOperatorUserSecret = "tigera-ee-operator-elasticsearch-access" ElasticsearchAdminUserSecret = "tigera-secure-es-elastic-user" KibanaHTTPSEndpoint = "https://tigera-secure-kb-http.tigera-kibana.svc.%s:5601" KibanaName = "tigera-secure" KibanaNamespace = "tigera-kibana" KibanaPublicCertSecret = "tigera-secure-kb-http-certs-public" TigeraKibanaCertSecret = "tigera-secure-kibana-cert" KibanaDefaultCertPath = "/etc/ssl/kibana/ca.pem" KibanaBasePath = "tigera-kibana" KibanaServiceName = "tigera-secure-kb-http" DefaultElasticsearchClusterName = "cluster" DefaultElasticsearchReplicas = 0 DefaultElasticStorageGi = 10 LogStorageFinalizer = "tigera.io/eck-cleanup" EsCuratorName = "elastic-curator" EsCuratorServiceAccount = "tigera-elastic-curator" OIDCUsersConfigMapName = "tigera-known-oidc-users" OIDCUsersEsSecreteName = "tigera-oidc-users-elasticsearch-credentials" ElasticsearchLicenseTypeBasic ElasticsearchLicenseType = "basic" ElasticsearchLicenseTypeEnterprise ElasticsearchLicenseType = "enterprise" ElasticsearchLicenseTypeEnterpriseTrial ElasticsearchLicenseType = "enterprise_trial" ElasticsearchLicenseTypeUnknown ElasticsearchLicenseType = "" EsManagerRole = "es-manager" EsManagerRoleBinding = "es-manager" EsKubeControllerRole = "es-calico-kube-controllers" EsKubeControllerRoleBinding = "es-calico-kube-controllers" KibanaTLSAnnotationHash = "hash.operator.tigera.io/kb-secrets" ElasticsearchTLSHashAnnotation = "hash.operator.tigera.io/es-secrets" )
View Source
const ( ManagerServiceName = "tigera-manager" ManagerNamespace = "tigera-manager" ManagerServiceDNS = "tigera-manager.tigera-manager.svc.%s" ManagerServiceIP = "localhost" ManagerServiceAccount = "tigera-manager" ManagerClusterRole = "tigera-manager-role" ManagerClusterRoleBinding = "tigera-manager-binding" ManagerTLSSecretName = "manager-tls" ManagerSecretKeyName = "key" ManagerSecretCertName = "cert" ManagerInternalTLSSecretName = "internal-manager-tls" ManagerInternalTLSSecretCertName = "internal-manager-tls-cert" ManagerInternalSecretKeyName = "key" ManagerInternalSecretCertName = "cert" ManagerOIDCConfig = "tigera-manager-oidc-config" ElasticsearchManagerUserSecret = "tigera-ee-manager-elasticsearch-access" ManagerInternalTLSHashAnnotation = "hash.operator.tigera.io/internal-tls-secret" KibanaTLSHashAnnotation = "hash.operator.tigera.io/kibana-secrets" ElasticsearchUserHashAnnotation = "hash.operator.tigera.io/elasticsearch-user" )
View Source
const ( VoltronName = "tigera-voltron" VoltronTunnelSecretName = "tigera-management-cluster-connection" VoltronTunnelSecretCertName = "cert" VoltronTunnelSecretKeyName = "key" )
ManagementClusterConnection configuration constants
View Source
const ( BirdTemplatesConfigMapName = "bird-templates" CSRLabelCalicoSystem = "calico-system" K8sSvcEndpointConfigMapName = "kubernetes-services-endpoint" )
View Source
const ( TyphaServiceName = "calico-typha" TyphaPortName = "calico-typha" TyphaK8sAppName = "calico-typha" TyphaServiceAccountName = "calico-typha" AppLabelName = "k8s-app" TyphaPort int32 = 5473 )
View Source
const (
ElasticsearchKubeControllersUserSecret = "tigera-ee-kube-controllers-elasticsearch-access"
)
View Source
const (
PriorityClassName = "calico-priority"
)
View Source
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"
Variables ¶
View Source
var ( TyphaCAConfigMapName = "typha-ca" TyphaCABundleName = "caBundle" TyphaTLSSecretName = "typha-certs" NodeTLSSecretName = "node-certs" TLSSecretCertName = "cert.crt" TLSSecretKeyName = "key.key" CommonName = "common-name" URISAN = "uri-san" TyphaCommonName = "typha-server" FelixCommonName = "typha-client" )
Functions ¶
func CreateCSRInitContainer ¶ added in v1.14.0
func CreateCSRInitContainer( installation *operator.InstallationSpec, image string, mountName string, commonName string, keyName string, certName string, dnsNames []string, appNameLabel string) corev1.Container
CreateCSRInitContainer creates an init container that can be added to a pod spec in order to create a CSR for its TLS certificates. It uses the provided params and the k8s downward api to be able to specify certificate subject information.
func CreateDexClientSecret ¶ added in v1.12.0
func CreateDexTLSSecret ¶ added in v1.12.0
func GetIPv4Pool ¶ added in v1.2.0
GetIPv4Pool returns the IPv4 IPPool in an instalation, or nil if one can't be found.
func GetIPv6Pool ¶ added in v1.2.0
GetIPv6Pool returns the IPv6 IPPool in an instalation, or nil if one can't be found.
func GetTigeraSecurityGroupEnvVariables ¶ added in v1.8.0
func GetTigeraSecurityGroupEnvVariables(aci *operator.AmazonCloudIntegration) []corev1.EnvVar
func KubeControllers ¶
func KubeControllers( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, logStorageExists bool, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, managerInternalSecret *v1.Secret, elasticsearchSecret *v1.Secret, kibanaSecret *v1.Secret, authentication *operator.Authentication, esLicenseType ElasticsearchLicenseType, clusterDomain string, esAdminSecret *v1.Secret, metricsPort int, ) *kubeControllersComponent
func ResolveCSRInitImage ¶ added in v1.14.0
ResolveCsrInitImage resolves the image needed for the CSR init image taking into account the specified ImageSet
func SetTestLogger ¶
Types ¶
type AmazonCredential ¶ added in v1.8.0
func ConvertSecretToCredential ¶ added in v1.8.0
func ConvertSecretToCredential(s *corev1.Secret) (*AmazonCredential, error)
type Component ¶
type Component interface {
// ResolveImages should call components.GetReference for all images that the Component
// needs, passing 'is' to the GetReference call and if there are any errors those
// are returned. It is valid to pass nil for 'is' as GetReference accepts the value.
// ResolveImages must be called before Objects is called for the component.
ResolveImages(is *operator.ImageSet) error
// Objects returns the lists of objects in this component that should be created and/or deleted during
// rendering.
Objects() (objsToCreate, objsToDelete []client.Object)
// Ready returns true if the component is ready to be created.
Ready() bool
// SupportedOSTypes returns operating systems that is supported of the components returned by the Objects() function.
// The "componentHandler" converts the returned OSTypes to a node selectors for the "kubernetes.io/os" label on client.Objects
// that create pods. Return OSTypeAny means that no node selector should be set for the "kubernetes.io/os" label.
SupportedOSType() rmeta.OSType
}
func APIServer ¶
func APIServer(k8sServiceEndpoint k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, aci *operator.AmazonCloudIntegration, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, tunnelCASecret *corev1.Secret, clusterDomain string) (Component, error)
func AWSSecurityGroupSetup ¶ added in v1.0.0
func AWSSecurityGroupSetup(ps []corev1.LocalObjectReference, installcr *operator.InstallationSpec) (Component, error)
func AmazonCloudIntegration ¶ added in v1.8.0
func AmazonCloudIntegration(aci *operator.AmazonCloudIntegration, installation *operator.InstallationSpec, cred *AmazonCredential, ps []*corev1.Secret, openshift bool) (Component, error)
func Compliance ¶
func Compliance( esSecrets []*corev1.Secret, managerInternalTLSSecret *corev1.Secret, installation *operatorv1.InstallationSpec, complianceServerCertSecret *corev1.Secret, esClusterConfig *relasticsearch.ClusterConfig, pullSecrets []*corev1.Secret, openshift bool, managementCluster *operatorv1.ManagementCluster, managementClusterConnection *operatorv1.ManagementClusterConnection, dexCfg DexKeyValidatorConfig, clusterDomain string, hasNoLicense bool, ) (Component, error)
func ConfigMaps ¶ added in v1.0.0
func Fluentd ¶ added in v1.0.0
func Fluentd( lc *operatorv1.LogCollector, esSecrets []*corev1.Secret, esClusterConfig *relasticsearch.ClusterConfig, s3C *S3Credential, spC *SplunkCredential, f *FluentdFilters, eksConfig *EksCloudwatchLogConfig, pullSecrets []*corev1.Secret, installation *operatorv1.InstallationSpec, clusterDomain string, osType rmeta.OSType, ) Component
func Guardian ¶ added in v1.2.0
func Guardian( url string, pullSecrets []*corev1.Secret, openshift bool, installation *operatorv1.InstallationSpec, tunnelSecret *corev1.Secret, ) Component
func IntrusionDetection ¶
func IntrusionDetection( lc *operator.LogCollector, esSecrets []*corev1.Secret, kibanaCertSecret *corev1.Secret, installation *operator.InstallationSpec, esClusterConfig *relasticsearch.ClusterConfig, pullSecrets []*corev1.Secret, openshift bool, clusterDomain string, esLicenseType ElasticsearchLicenseType, managedCluster bool, hasNoLicense bool, ) Component
func LogStorage ¶ added in v1.4.0
func LogStorage( logStorage *operatorv1.LogStorage, installation *operatorv1.InstallationSpec, managementCluster *operatorv1.ManagementCluster, managementClusterConnection *operatorv1.ManagementClusterConnection, elasticsearch *esv1.Elasticsearch, kibana *kbv1.Kibana, clusterConfig *relasticsearch.ClusterConfig, elasticsearchSecrets []*corev1.Secret, kibanaSecrets []*corev1.Secret, pullSecrets []*corev1.Secret, provider operatorv1.Provider, curatorSecrets []*corev1.Secret, esService *corev1.Service, kbService *corev1.Service, clusterDomain string, applyTrial bool, dexCfg DexRelyingPartyConfig, elasticLicenseType ElasticsearchLicenseType, ) Component
Elasticsearch renders the
func Manager ¶ added in v1.0.0
func Manager( dexCfg DexKeyValidatorConfig, esSecrets []*corev1.Secret, kibanaSecrets []*corev1.Secret, complianceServerCertSecret *corev1.Secret, esClusterConfig *relasticsearch.ClusterConfig, tlsKeyPair *corev1.Secret, pullSecrets []*corev1.Secret, openshift bool, installation *operator.InstallationSpec, managementCluster *operator.ManagementCluster, tunnelSecret *corev1.Secret, internalTrafficSecret *corev1.Secret, clusterDomain string, esLicenseType ElasticsearchLicenseType, ) (Component, error)
func Namespaces ¶
func Namespaces(installation *operatorv1.InstallationSpec, pullSecrets []*corev1.Secret) Component
func Node ¶
func Node( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, bt map[string]string, tnTLS *TyphaNodeTLS, aci *operator.AmazonCloudIntegration, migrate bool, nodeAppArmorProfile string, clusterDomain string, nodeReporterMetricsPort int, ) Component
Node creates the node daemonset and other resources for the daemonset to operate normally.
func PriorityClassDefinitions ¶
func PriorityClassDefinitions() Component
func Typha ¶ added in v1.0.0
func Typha( k8sServiceEp k8sapi.ServiceEndpoint, installation *operator.InstallationSpec, tnTLS *TyphaNodeTLS, aci *operator.AmazonCloudIntegration, migrationNeeded bool, clusterDomain string, ) Component
Typha creates the typha daemonset and other resources for the daemonset to operate normally.
type DexConfig ¶ added in v1.12.0
type DexConfig interface {
Connector() map[string]interface{}
DexKeyValidatorConfig
}
DexConfig is a config for DexIdP itself.
type DexKeyValidatorConfig ¶ added in v1.12.0
type DexKeyValidatorConfig interface {
// ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org
ManagerURI() string
// RequiredEnv returns env that is used to configure pods with dex options.
RequiredEnv(prefix string) []corev1.EnvVar
// RequiredAnnotations returns annotations that make your the pods get refreshed if any of the config/secrets change.
RequiredAnnotations() map[string]string
// RequiredSecrets returns secrets that you need to render for dex.
RequiredSecrets(namespace string) []*corev1.Secret
// RequiredVolumeMounts returns volume mounts that are related to dex.
RequiredVolumeMounts() []corev1.VolumeMount
// RequiredVolumes returns volumes that are related to dex.
RequiredVolumes() []corev1.Volume
}
DexKeyValidatorConfig is a config for (backend) servers that validate JWTs issued by Dex.
func NewDexKeyValidatorConfig ¶ added in v1.12.0
func NewDexKeyValidatorConfig( authentication *oprv1.Authentication, tlsSecret *corev1.Secret, clusterDomain string) DexKeyValidatorConfig
type DexRelyingPartyConfig ¶ added in v1.12.0
type DexRelyingPartyConfig interface {
// JWKSURI returns the endpoint for public keys
JWKSURI() string
// TokenURI returns the endpoint for exchanging tokens
TokenURI() string
// UserInfoURI returns the endpoint for user info.
UserInfoURI() string
// ClientSecret returns the secret for Dex' auth endpoint
ClientSecret() []byte
// ManagerURI returns the address where the Manager UI can be found. Ex: https://example.org
RequestedScopes() []string
// UsernameClaim returns the part of the JWT that represents a unique username.
UsernameClaim() string
// GroupsClaim returns the part of the JWT that represents the list of user groups.
GroupsClaim() string
DexKeyValidatorConfig
}
DexRelyingPartyConfig is a config for relying parties / applications that use Dex as their IdP.
func NewDexRelyingPartyConfig ¶ added in v1.12.0
func NewDexRelyingPartyConfig( authentication *oprv1.Authentication, tlsSecret *corev1.Secret, dexSecret *corev1.Secret, clusterDomain string) DexRelyingPartyConfig
type EksCloudwatchLogConfig ¶ added in v1.0.0
type ElasticsearchLicenseType ¶ added in v1.14.0
type ElasticsearchLicenseType string
type FluentdFilters ¶ added in v1.0.0
type GuardianComponent ¶ added in v1.2.0
type GuardianComponent struct {
// contains filtered or unexported fields
}
func (*GuardianComponent) Objects ¶ added in v1.2.0
func (c *GuardianComponent) Objects() ([]client.Object, []client.Object)
func (*GuardianComponent) Ready ¶ added in v1.2.0
func (c *GuardianComponent) Ready() bool
func (*GuardianComponent) ResolveImages ¶ added in v1.14.0
func (c *GuardianComponent) ResolveImages(is *operatorv1.ImageSet) error
func (*GuardianComponent) SupportedOSType ¶ added in v1.11.0
func (c *GuardianComponent) SupportedOSType() rmeta.OSType
type Renderer ¶
type Renderer interface {
Render() []Component
}
A Renderer is capable of generating components to be installed on the cluster.
func Calico ¶
func Calico( k8sServiceEp k8sapi.ServiceEndpoint, cr *operator.InstallationSpec, logStorageExists bool, managementCluster *operator.ManagementCluster, managementClusterConnection *operator.ManagementClusterConnection, authentication *operator.Authentication, pullSecrets []*corev1.Secret, typhaNodeTLS *TyphaNodeTLS, managerInternalTLSSecret *corev1.Secret, elasticsearchSecret *corev1.Secret, kibanaSecret *corev1.Secret, bt map[string]string, p operator.Provider, aci *operator.AmazonCloudIntegration, up bool, nodeAppArmorProfile string, clusterDomain string, esLicenseType ElasticsearchLicenseType, esAdminSecret *corev1.Secret, kubeControllersMetricsPort int, nodeReporterMetricsPort int, ) (Renderer, error)
type S3Credential ¶ added in v1.0.0
type SplunkCredential ¶ added in v1.4.0
Source Files
¶
- amazoncloudintegration.go
- apiserver.go
- aws-securitygroup-setup.go
- compliance.go
- component.go
- configmap.go
- crypto_utils.go
- csr.go
- dex.go
- dex_config.go
- fluentd.go
- guardian.go
- intrusion_detection.go
- kube-controllers.go
- logstorage.go
- manager.go
- namespaces.go
- node.go
- priority_class.go
- render.go
- secrets.go
- typha.go
Directories
Click to show internal directories.
Click to hide internal directories.