Documentation
Index
- Constants
- func CalculateFlowShards(nodesSpecifications *operatorv1.Nodes, defaultShards int) int
- func CreateKubeControllersSecrets(ctx context.Context, esAdminUserSecret *corev1.Secret, esAdminUserName string, ...) (*corev1.Secret, *corev1.Secret, *corev1.Secret, error)
- func DeleteInvalidECKManagedPublicCertSecret(ctx context.Context, secret *corev1.Secret, cli client.Client, log logr.Logger) error
- func GetESGatewayCertificateSecrets(ctx context.Context, instl *operatorv1.InstallationSpec, cli client.Client, ...) (*corev1.Secret, *corev1.Secret, bool, error)
Constants
const (
	TigeraElasticsearchUserSecretLabel = "tigera-elasticsearch-user"
	DefaultElasticsearchShards         = 1

	// ESGatewaySelectorLabel is used to mark any secret containing credentials for ES gateway with this label key/value.
	// This will allow ES gateway to watch only the relevant secrets it needs.
	ESGatewaySelectorLabel      = "esgateway.tigera.io/secrets"
	ESGatewaySelectorLabelValue = "credentials"
)
Variables
This section is empty.
Functions
func CalculateFlowShards
func CalculateFlowShards(nodesSpecifications *operatorv1.Nodes, defaultShards int) int
func CreateKubeControllersSecrets
func CreateKubeControllersSecrets(ctx context.Context, esAdminUserSecret *corev1.Secret, esAdminUserName string, cli client.Client) (*corev1.Secret, *corev1.Secret, *corev1.Secret, error)
CreateKubeControllersSecrets checks for the existence of the secrets necessary for Kube controllers to access Elasticsearch through ES gateway and creates them if they are missing. Kube controllers no longer use admin credentials to make requests directly to Elasticsearch. Instead, three secrets are involved: gateway credentials are generated and stored in the user secret; a hashed version of those credentials is stored in the tigera-elasticsearch namespace, where ES Gateway retrieves it to verify the gateway credentials presented to it; and a secret containing real admin-level credentials is created and stored in the tigera-elasticsearch namespace, to be swapped in once ES Gateway has confirmed that the gateway credentials match.
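The credential swap described above, sketched as an added example; it is not the operator's or ES Gateway's own code. The Credentials type, the function names, the sample values and the SHA-256 scheme salted with the username are assumptions: the page does not say which hash is used, and a fast hash is tolerable here only because the generated password is 32 random bytes.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// Credentials is a hypothetical stand-in for the data held in one Kubernetes secret.
type Credentials struct{ Username, Password string }

// hashPassword is an assumed scheme (SHA-256 salted with the username); the page names no hash.
func hashPassword(salt, password string) string {
	sum := sha256.Sum256([]byte(salt + ":" + password))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// newGatewayCredentials returns the three pieces described above: the user secret
// (plaintext gateway credentials), the verification secret (hash only), and the admin secret.
func newGatewayCredentials(user string, admin Credentials) (userSec, verifSec, adminSec Credentials, err error) {
	buf := make([]byte, 32)
	if _, err = rand.Read(buf); err != nil {
		return
	}
	pw := base64.RawURLEncoding.EncodeToString(buf)
	return Credentials{user, pw}, Credentials{user, hashPassword(user, pw)}, admin, nil
}

// swapCredentials is the gateway side: compare the presented password against the stored
// hash in constant time, and only on a match return the admin credentials to use upstream.
func swapCredentials(presented, verifSec, adminSec Credentials) (Credentials, bool) {
	got := hashPassword(presented.Username, presented.Password)
	userOK := subtle.ConstantTimeCompare([]byte(presented.Username), []byte(verifSec.Username))
	hashOK := subtle.ConstantTimeCompare([]byte(got), []byte(verifSec.Password))
	if userOK&hashOK != 1 {
		return Credentials{}, false
	}
	return adminSec, true
}

func main() {
	admin := Credentials{"example-admin", "constructed-admin-password"} // constructed sample value
	userSec, verifSec, adminSec, _ := newGatewayCredentials("example-gateway-user", admin)
	_, ok := swapCredentials(userSec, verifSec, adminSec)
	_, bad := swapCredentials(Credentials{userSec.Username, "guess"}, verifSec, adminSec)
	fmt.Println("valid accepted:", ok, "guess accepted:", bad)
}
```

The client only ever holds the gateway password, so a leaked user secret does not expose the admin credentials, and the verification secret alone cannot be replayed as a password.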
func DeleteInvalidECKManagedPublicCertSecret
func DeleteInvalidECKManagedPublicCertSecret(ctx context.Context, secret *corev1.Secret, cli client.Client, log logr.Logger) error
DeleteInvalidECKManagedPublicCertSecret deletes the given ECK managed cert secret.
func GetESGatewayCertificateSecrets
func GetESGatewayCertificateSecrets(ctx context.Context, instl *operatorv1.InstallationSpec, cli client.Client, clusterDomain string, log logr.Logger) (*corev1.Secret, *corev1.Secret, bool, error)
GetESGatewayCertificateSecrets retrieves certificate secrets needed for ES Gateway to run or for components to communicate with Elasticsearch/Kibana through ES Gateway. The secrets are returned in this order:
1) The certificate/key secret to be mounted by ES Gateway and used to authenticate requests before proxying to Elasticsearch/Kibana (in the operator namespace). If the user didn't create this secret, it is created.
2) The certificate mounted by other clients that connect to Elasticsearch/Kibana through ES Gateway (in the operator namespace).
The boolean return value indicates that the certificate secret was provided by the customer. This ensures that we do not re-render the secret in the Operator Namespace and overwrite the OwnerReference.
Types
This section is empty.