Documentation ¶
Overview ¶
This renderer is responsible for all resources related to a Guardian Deployment in a multicluster setup.
Index ¶
- Constants
- Variables
- func ApiServerServiceAccountName(v operatorv1.ProductVariant) string
- func CreateCertificateConfigMap(caPem string, secretName string, namespace string) *corev1.ConfigMap
- func CreateCertificateSecret(caPem []byte, secretName string, namespace string) *corev1.Secret
- func CreateDexClientSecret() *corev1.Secret
- func CreateNamespace(name string, provider operatorv1.Provider) *corev1.Namespace
- func GetIPv4Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
- func GetIPv6Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
- func GetTigeraSecurityGroupEnvVariables(aci *operatorv1.AmazonCloudIntegration) []corev1.EnvVar
- func NewDexKeyValidatorConfig(authentication *oprv1.Authentication, idpSecret *corev1.Secret, ...) authentication.KeyValidatorConfig
- func ProjectCalicoApiServerServiceName(v operatorv1.ProductVariant) string
- func ProjectCalicoApiServerTLSSecretName(v operatorv1.ProductVariant) string
- func SetClusterCriticalPod(t *corev1.PodTemplateSpec)
- func SetTestLogger(l logr.Logger)
- func VoltronTunnelSecret() *corev1.Secret
- type APIServerConfiguration
- type AWSSGSetupConfiguration
- type AmazonCloudIntegrationConfiguration
- type AmazonCredential
- type ComplianceConfiguration
- type Component
- func APIServer(cfg *APIServerConfiguration) (Component, error)
- func AWSSecurityGroupSetup(cfg *AWSSGSetupConfiguration) (Component, error)
- func AmazonCloudIntegration(cfg *AmazonCloudIntegrationConfiguration) (Component, error)
- func Compliance(cfg *ComplianceConfiguration) (Component, error)
- func Dex(cfg *DexComponentConfiguration) Component
- func Fluentd(cfg *FluentdConfiguration) Component
- func Guardian(cfg *GuardianConfiguration) Component
- func IntrusionDetection(cfg *IntrusionDetectionConfiguration) Component
- func LogStorage(cfg *ElasticsearchConfiguration) Component
- func Manager(cfg *ManagerConfiguration) (Component, error)
- func Namespaces(cfg *NamespaceConfiguration) Component
- func NewPassthrough(objs ...client.Object) Component
- func Node(cfg *NodeConfiguration) Component
- func PacketCaptureAPI(cfg *PacketCaptureApiConfiguration) Component
- func Typha(cfg *TyphaConfiguration) Component
- func Windows(cfg *WindowsConfig) Component
- type DexComponentConfiguration
- type DexConfig
- type DexKeyValidatorConfig
- func (d DexKeyValidatorConfig) BaseURL() string
- func (d DexKeyValidatorConfig) ClientID() string
- func (d DexKeyValidatorConfig) ClientSecret() []byte
- func (d DexKeyValidatorConfig) Issuer() string
- func (d DexKeyValidatorConfig) RedirectURIs() []string
- func (d DexKeyValidatorConfig) RequestedScopes() []string
- func (d *DexKeyValidatorConfig) RequiredAnnotations() map[string]string
- func (d DexKeyValidatorConfig) RequiredConfigMaps(string) []*corev1.ConfigMap
- func (d *DexKeyValidatorConfig) RequiredEnv(prefix string) []corev1.EnvVar
- func (d DexKeyValidatorConfig) RequiredSecrets(namespace string) []*corev1.Secret
- func (d *DexKeyValidatorConfig) RequiredVolumeMounts() []corev1.VolumeMount
- func (d *DexKeyValidatorConfig) RequiredVolumes() []corev1.Volume
- func (d DexKeyValidatorConfig) UsernameClaim() string
- type EksCloudwatchLogConfig
- type ElasticsearchConfiguration
- type ElasticsearchLicenseType
- type FluentdConfiguration
- type FluentdFilters
- type GuardianComponent
- type GuardianConfiguration
- type IntrusionDetectionConfiguration
- type ManagerConfiguration
- type NamespaceConfiguration
- type NodeConfiguration
- type PacketCaptureApiConfiguration
- type Renderer
- type S3Credential
- type SplunkCredential
- type TyphaConfiguration
- type TyphaNodeTLS
- type WindowsConfig
Constants ¶
const ( AmazonCloudIntegrationNamespace = "tigera-amazon-cloud-integration" AmazonCloudIntegrationComponentName = "tigera-amazon-cloud-integration" AmazonCloudIntegrationCredentialName = "amazon-cloud-integration-credentials" AmazonCloudCredentialKeyIdName = "key-id" AmazonCloudCredentialKeySecretName = "key-secret" )
const ( ComplianceNamespace = "tigera-compliance" ComplianceServiceName = "compliance" ComplianceServerName = "compliance-server" ComplianceControllerName = "compliance-controller" ComplianceSnapshotterName = "compliance-snapshotter" ComplianceServerSAName = "tigera-compliance-server" )
const ( ElasticsearchComplianceBenchmarkerUserSecret = "tigera-ee-compliance-benchmarker-elasticsearch-access" ElasticsearchComplianceControllerUserSecret = "tigera-ee-compliance-controller-elasticsearch-access" ElasticsearchComplianceReporterUserSecret = "tigera-ee-compliance-reporter-elasticsearch-access" ElasticsearchComplianceSnapshotterUserSecret = "tigera-ee-compliance-snapshotter-elasticsearch-access" ElasticsearchComplianceServerUserSecret = "tigera-ee-compliance-server-elasticsearch-access" ElasticsearchCuratorUserSecret = "tigera-ee-curator-elasticsearch-access" ComplianceServerCertSecret = "tigera-compliance-server-tls" )
const ( VoltronDnsName = "voltron" VoltronKeySizeBits = 2048 )
Voltron related constants.
const ( DexNamespace = "tigera-dex" DexObjectName = "tigera-dex" DexPort = 5556 DexTLSSecretName = "tigera-dex-tls" DexClientId = "tigera-manager" )
const ( ClientSecretSecretField = "clientSecret" RootCASecretField = "rootCA" OIDCSecretName = "tigera-oidc-credentials" OpenshiftSecretName = "tigera-openshift-credentials" LDAPSecretName = "tigera-ldap-credentials" ClientIDSecretField = "clientID" BindDNSecretField = "bindDN" BindPWSecretField = "bindPW" // Default claims to use to data from a JWT. DefaultGroupsClaim = "groups" )
const ( LogCollectorNamespace = "tigera-fluentd" FluentdFilterConfigMapName = "fluentd-filters" FluentdFilterFlowName = "flow" FluentdFilterDNSName = "dns" S3FluentdSecretName = "log-collector-s3-credentials" S3KeyIdName = "key-id" S3KeySecretName = "key-secret" FluentdPrometheusTLSSecretName = "tigera-fluentd-prometheus-tls" FluentdMetricsService = "fluentd-metrics" FluentdMetricsPort = "fluentd-metrics-port" ElasticsearchLogCollectorUserSecret = "tigera-fluentd-elasticsearch-access" ElasticsearchEksLogForwarderUserSecret = "tigera-eks-log-forwarder-elasticsearch-access" EksLogForwarderSecret = "tigera-eks-log-forwarder-secret" EksLogForwarderAwsId = "aws-id" EksLogForwarderAwsKey = "aws-key" SplunkFluentdTokenSecretName = "logcollector-splunk-credentials" SplunkFluentdSecretTokenKey = "token" SplunkFluentdCertificateSecretName = "logcollector-splunk-public-certificate" SplunkFluentdSecretCertificateKey = "ca.pem" SplunkFluentdSecretsVolName = "splunk-certificates" SplunkFluentdDefaultCertDir = "/etc/ssl/splunk/" SplunkFluentdDefaultCertPath = SplunkFluentdDefaultCertDir + SplunkFluentdSecretCertificateKey FluentdNodeName = "fluentd-node" PacketCaptureAPIRole = "packetcapture-api-role" PacketCaptureAPIRoleBinding = "packetcapture-api-role-binding" )
const ( GuardianName = "tigera-guardian" GuardianNamespace = GuardianName GuardianServiceAccountName = GuardianName GuardianClusterRoleName = GuardianName GuardianClusterRoleBindingName = GuardianName GuardianDeploymentName = GuardianName GuardianServiceName = "tigera-guardian" GuardianVolumeName = "tigera-guardian-certs" GuardianSecretName = "tigera-managed-cluster-connection" )
The names of the components related to the Guardian related rendered objects.
const ( IntrusionDetectionNamespace = "tigera-intrusion-detection" IntrusionDetectionName = "intrusion-detection-controller" ElasticsearchIntrusionDetectionUserSecret = "tigera-ee-intrusion-detection-elasticsearch-access" ElasticsearchIntrusionDetectionJobUserSecret = "tigera-ee-installer-elasticsearch-access" ElasticsearchADJobUserSecret = "tigera-ee-ad-job-elasticsearch-access" ElasticsearchPerformanceHotspotsUserSecret = "tigera-ee-performance-hotspots-elasticsearch-access" IntrusionDetectionInstallerJobName = "intrusion-detection-es-job-installer" IntrusionDetectionControllerName = "intrusion-detection-controller" ADJobPodTemplateBaseName = "tigera.io.detectors" ADResourceGroup = "detectors.tigera.io" ADDetectorsModelResourceName = "models" ADAPIObjectName = "anomaly-detection-api" ADAPIObjectPortName = "anomaly-detection-api-https" ADAPITLSSecretName = "anomaly-detection-api-tls" )
const ( ECKOperatorName = "elastic-operator" ECKOperatorNamespace = "tigera-eck-operator" ECKLicenseConfigMapName = "elastic-licensing" ElasticsearchNamespace = "tigera-elasticsearch" TigeraElasticsearchCertSecret = "tigera-secure-elasticsearch-cert" TigeraElasticsearchInternalCertSecret = "tigera-secure-internal-elasticsearch-cert" ElasticsearchName = "tigera-secure" ElasticsearchServiceName = "tigera-secure-es-http" ESGatewayServiceName = "tigera-secure-es-gateway-http" ElasticsearchDefaultPort = 9200 ElasticsearchSecureSettingsSecretName = "tigera-elasticsearch-secure-settings" ElasticsearchOperatorUserSecret = "tigera-ee-operator-elasticsearch-access" ElasticsearchAdminUserSecret = "tigera-secure-es-elastic-user" KibanaName = "tigera-secure" KibanaNamespace = "tigera-kibana" KibanaPublicCertSecret = "tigera-secure-es-gateway-http-certs-public" KibanaInternalCertSecret = "tigera-secure-kb-http-certs-public" TigeraKibanaCertSecret = "tigera-secure-kibana-cert" KibanaBasePath = "tigera-kibana" KibanaServiceName = "tigera-secure-kb-http" KibanaDefaultRoute = "/app/kibana#/dashboards?%s&title=%s" DefaultElasticsearchClusterName = "cluster" DefaultElasticsearchReplicas = 0 DefaultElasticStorageGi = 10 EsCuratorName = "elastic-curator" EsCuratorServiceAccount = "tigera-elastic-curator" OIDCUsersConfigMapName = "tigera-known-oidc-users" OIDCUsersEsSecreteName = "tigera-oidc-users-elasticsearch-credentials" ElasticsearchLicenseTypeBasic ElasticsearchLicenseType = "basic" ElasticsearchLicenseTypeEnterprise ElasticsearchLicenseType = "enterprise" ElasticsearchLicenseTypeEnterpriseTrial ElasticsearchLicenseType = "enterprise_trial" ElasticsearchLicenseTypeUnknown ElasticsearchLicenseType = "" EsManagerRole = "es-manager" EsManagerRoleBinding = "es-manager" KibanaTLSAnnotationHash = "hash.operator.tigera.io/kb-secrets" ElasticsearchTLSHashAnnotation = "hash.operator.tigera.io/es-secrets" TimeFilter = "_g=(time:(from:now-24h,to:now))" FlowsDashboardName = "Tigera Secure EE Flow Logs" )
const ( ManagerServiceName = "tigera-manager" ManagerNamespace = "tigera-manager" ManagerServiceIP = "localhost" ManagerServiceAccount = "tigera-manager" ManagerClusterRole = "tigera-manager-role" ManagerClusterRoleBinding = "tigera-manager-binding" ManagerTLSSecretName = "manager-tls" ManagerInternalTLSSecretName = "internal-manager-tls" ManagerUserSettings = "user-settings" ElasticsearchManagerUserSecret = "tigera-ee-manager-elasticsearch-access" TlsSecretHashAnnotation = "hash.operator.tigera.io/tls-secret" KibanaTLSHashAnnotation = "hash.operator.tigera.io/kibana-secrets" ElasticsearchUserHashAnnotation = "hash.operator.tigera.io/elasticsearch-user" PrometheusTLSSecretName = "calico-node-prometheus-tls" )
const ( VoltronName = "tigera-voltron" VoltronTunnelSecretName = "tigera-management-cluster-connection" )
ManagementClusterConnection configuration constants
const ( BirdTemplatesConfigMapName = "bird-templates" CSRLabelCalicoSystem = "calico-system" BGPLayoutConfigMapName = "bgp-layout" BGPLayoutConfigMapKey = "earlyNetworkConfiguration" BGPLayoutVolumeName = "bgp-layout" BGPLayoutPath = "/etc/calico/early-networking.yaml" K8sSvcEndpointConfigMapName = "kubernetes-services-endpoint" NodeFinalizer = "tigera.io/cni-protector" CalicoNodeMetricsService = "calico-node-metrics" NodePrometheusTLSServerSecret = "calico-node-prometheus-server-tls" CalicoNodeObjectName = "calico-node" )
const ( PacketCaptureContainerName = "tigera-packetcapture-server" PacketCaptureName = "tigera-packetcapture" PacketCaptureNamespace = PacketCaptureName PacketCaptureServiceAccountName = PacketCaptureName PacketCaptureClusterRoleName = PacketCaptureName PacketCaptureClusterRoleBindingName = PacketCaptureName PacketCaptureDeploymentName = PacketCaptureName PacketCaptureServiceName = PacketCaptureName PacketCaptureCertSecret = "tigera-packetcapture-server-tls" )
The names of the components related to the PacketCapture APIs related rendered objects.
const ( TyphaServiceName = "calico-typha" TyphaPortName = "calico-typha" TyphaK8sAppName = "calico-typha" TyphaServiceAccountName = "calico-typha" AppLabelName = "k8s-app" TyphaPort int32 = 5473 )
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"
Variables ¶
var ( CommonName = "common-name" URISAN = "uri-san" TyphaCommonName = "typha-server" FelixCommonName = "typha-client" NodePriorityClassName = "system-node-critical" ClusterPriorityClassName = "system-cluster-critical" )
var ( TyphaTLSSecretName = "typha-certs" TyphaCAConfigMapName = "typha-ca" TyphaCABundleName = "caBundle" )
var (
NodeTLSSecretName = "node-certs"
)
Functions ¶
func ApiServerServiceAccountName ¶ added in v1.26.0
func ApiServerServiceAccountName(v operatorv1.ProductVariant) string
func CreateCertificateConfigMap ¶ added in v1.25.1
func CreateCertificateConfigMap(caPem string, secretName string, namespace string) *corev1.ConfigMap
CreateCertificateConfigMap is a convenience method for creating a configmap that contains only a ca or cert to trust.
func CreateCertificateSecret ¶ added in v1.18.0
CreateCertificateSecret is a convenience method for creating a secret that contains only a ca or cert to trust.
func CreateDexClientSecret ¶ added in v1.12.0
func CreateNamespace ¶ added in v1.22.0
func CreateNamespace(name string, provider operatorv1.Provider) *corev1.Namespace
func GetIPv4Pool ¶ added in v1.2.0
func GetIPv4Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
GetIPv4Pool returns the IPv4 IPPool in an installation, or nil if one can't be found.
func GetIPv6Pool ¶ added in v1.2.0
func GetIPv6Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
GetIPv6Pool returns the IPv6 IPPool in an installation, or nil if one can't be found.
func GetTigeraSecurityGroupEnvVariables ¶ added in v1.8.0
func GetTigeraSecurityGroupEnvVariables(aci *operatorv1.AmazonCloudIntegration) []corev1.EnvVar
func NewDexKeyValidatorConfig ¶ added in v1.12.0
func NewDexKeyValidatorConfig( authentication *oprv1.Authentication, idpSecret *corev1.Secret, clusterDomain string) authentication.KeyValidatorConfig
func ProjectCalicoApiServerServiceName ¶ added in v1.25.0
func ProjectCalicoApiServerServiceName(v operatorv1.ProductVariant) string
func ProjectCalicoApiServerTLSSecretName ¶ added in v1.25.0
func ProjectCalicoApiServerTLSSecretName(v operatorv1.ProductVariant) string
The following functions are helpers for determining resource names based on the configured product variant.
func SetClusterCriticalPod ¶ added in v1.22.0
func SetClusterCriticalPod(t *corev1.PodTemplateSpec)
func SetTestLogger ¶
func VoltronTunnelSecret ¶ added in v1.26.0
VoltronTunnelSecret Creates a secret that will store the CA needed to generated certificates for managed cluster registration
Types ¶
type APIServerConfiguration ¶ added in v1.25.0
type APIServerConfiguration struct { K8SServiceEndpoint k8sapi.ServiceEndpoint Installation *operatorv1.InstallationSpec ForceHostNetwork bool ManagementCluster *operatorv1.ManagementCluster ManagementClusterConnection *operatorv1.ManagementClusterConnection AmazonCloudIntegration *operatorv1.AmazonCloudIntegration TLSKeyPair certificatemanagement.KeyPairInterface PullSecrets []*corev1.Secret Openshift bool TunnelCASecret certificatemanagement.KeyPairInterface }
APIServerConfiguration contains all the config information needed to render the component.
type AWSSGSetupConfiguration ¶ added in v1.25.0
type AWSSGSetupConfiguration struct { PullSecrets []corev1.LocalObjectReference Installation *operatorv1.InstallationSpec }
AWSSGSetupConfiguration contains all the config information needed to render the component.
type AmazonCloudIntegrationConfiguration ¶ added in v1.25.0
type AmazonCloudIntegrationConfiguration struct { AmazonCloudIntegration *operatorv1.AmazonCloudIntegration Installation *operatorv1.InstallationSpec Credentials *AmazonCredential PullSecrets []*corev1.Secret Openshift bool }
AmazonCloudIntegrationConfiguration contains all the config information needed to render the component.
type AmazonCredential ¶ added in v1.8.0
func ConvertSecretToCredential ¶ added in v1.8.0
func ConvertSecretToCredential(s *corev1.Secret) (*AmazonCredential, error)
type ComplianceConfiguration ¶ added in v1.25.0
type ComplianceConfiguration struct { ESSecrets []*corev1.Secret TrustedBundle certificatemanagement.TrustedBundle Installation *operatorv1.InstallationSpec ComplianceServerCertSecret certificatemanagement.KeyPairInterface ESClusterConfig *relasticsearch.ClusterConfig PullSecrets []*corev1.Secret Openshift bool ManagementCluster *operatorv1.ManagementCluster ManagementClusterConnection *operatorv1.ManagementClusterConnection KeyValidatorConfig authentication.KeyValidatorConfig ClusterDomain string HasNoLicense bool }
ComplianceConfiguration contains all the config information needed to render the component.
type Component ¶
type Component interface { // ResolveImages should call components.GetReference for all images that the Component // needs, passing 'is' to the GetReference call and if there are any errors those // are returned. It is valid to pass nil for 'is' as GetReference accepts the value. // ResolveImages must be called before Objects is called for the component. ResolveImages(is *operatorv1.ImageSet) error // Objects returns the lists of objects in this component that should be created and/or deleted during // rendering. Objects() (objsToCreate, objsToDelete []client.Object) // Ready returns true if the component is ready to be created. Ready() bool // SupportedOSTypes returns operating systems that is supported of the components returned by the Objects() function. // The "componentHandler" converts the returned OSTypes to a node selectors for the "kubernetes.io/os" label on client.Objects // that create pods. Return OSTypeAny means that no node selector should be set for the "kubernetes.io/os" label. SupportedOSType() rmeta.OSType }
func APIServer ¶
func APIServer(cfg *APIServerConfiguration) (Component, error)
func AWSSecurityGroupSetup ¶ added in v1.0.0
func AWSSecurityGroupSetup(cfg *AWSSGSetupConfiguration) (Component, error)
func AmazonCloudIntegration ¶ added in v1.8.0
func AmazonCloudIntegration(cfg *AmazonCloudIntegrationConfiguration) (Component, error)
func Compliance ¶
func Compliance(cfg *ComplianceConfiguration) (Component, error)
func Dex ¶ added in v1.12.0
func Dex(cfg *DexComponentConfiguration) Component
func Fluentd ¶ added in v1.0.0
func Fluentd(cfg *FluentdConfiguration) Component
func Guardian ¶ added in v1.2.0
func Guardian(cfg *GuardianConfiguration) Component
func IntrusionDetection ¶
func IntrusionDetection(cfg *IntrusionDetectionConfiguration) Component
func LogStorage ¶ added in v1.4.0
func LogStorage(cfg *ElasticsearchConfiguration) Component
LogStorage renders the components necessary for kibana and elasticsearch
func Manager ¶ added in v1.0.0
func Manager(cfg *ManagerConfiguration) (Component, error)
func Namespaces ¶
func Namespaces(cfg *NamespaceConfiguration) Component
func NewPassthrough ¶ added in v1.22.0
func Node ¶
func Node(cfg *NodeConfiguration) Component
Node creates the node daemonset and other resources for the daemonset to operate normally.
func PacketCaptureAPI ¶ added in v1.21.0
func PacketCaptureAPI(cfg *PacketCaptureApiConfiguration) Component
func Typha ¶ added in v1.0.0
func Typha(cfg *TyphaConfiguration) Component
Typha creates the typha daemonset and other resources for the daemonset to operate normally.
func Windows ¶ added in v1.23.0
func Windows( cfg *WindowsConfig, ) Component
type DexComponentConfiguration ¶ added in v1.25.0
type DexComponentConfiguration struct { PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec DexConfig DexConfig ClusterDomain string DeleteDex bool TLSKeyPair certificatemanagement.KeyPairInterface }
DexComponentConfiguration contains all the config information needed to render the component.
type DexConfig ¶ added in v1.12.0
type DexConfig interface { Connector() map[string]interface{} RedirectURIs() []string // RequiredVolumeMounts returns volume mounts that the KeyValidatorConfig implementation requires. RequiredVolumeMounts() []corev1.VolumeMount // RequiredVolumes returns volumes that the KeyValidatorConfig implementation requires. RequiredVolumes() []corev1.Volume authentication.KeyValidatorConfig }
DexConfig is a config for DexIdP itself.
func NewDexConfig ¶ added in v1.12.0
func NewDexConfig( certificateManagement *oprv1.CertificateManagement, authentication *oprv1.Authentication, dexSecret *corev1.Secret, idpSecret *corev1.Secret, clusterDomain string) DexConfig
Create a new DexConfig.
type DexKeyValidatorConfig ¶ added in v1.12.0
type DexKeyValidatorConfig struct {
// contains filtered or unexported fields
}
func (DexKeyValidatorConfig) BaseURL ¶ added in v1.18.0
func (d DexKeyValidatorConfig) BaseURL() string
func (DexKeyValidatorConfig) ClientID ¶ added in v1.18.0
func (d DexKeyValidatorConfig) ClientID() string
func (DexKeyValidatorConfig) ClientSecret ¶ added in v1.18.0
func (d DexKeyValidatorConfig) ClientSecret() []byte
func (DexKeyValidatorConfig) Issuer ¶ added in v1.18.0
func (d DexKeyValidatorConfig) Issuer() string
func (DexKeyValidatorConfig) RedirectURIs ¶ added in v1.18.0
func (d DexKeyValidatorConfig) RedirectURIs() []string
func (DexKeyValidatorConfig) RequestedScopes ¶ added in v1.18.0
func (d DexKeyValidatorConfig) RequestedScopes() []string
func (*DexKeyValidatorConfig) RequiredAnnotations ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredAnnotations() map[string]string
RequiredAnnotations returns the annotations that are relevant for a validator config.
func (DexKeyValidatorConfig) RequiredConfigMaps ¶ added in v1.18.0
func (*DexKeyValidatorConfig) RequiredEnv ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredEnv(prefix string) []corev1.EnvVar
Append variables that are necessary for using the dex authenticator.
func (DexKeyValidatorConfig) RequiredSecrets ¶ added in v1.12.0
func (*DexKeyValidatorConfig) RequiredVolumeMounts ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredVolumeMounts() []corev1.VolumeMount
func (*DexKeyValidatorConfig) RequiredVolumes ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredVolumes() []corev1.Volume
func (DexKeyValidatorConfig) UsernameClaim ¶ added in v1.18.0
func (d DexKeyValidatorConfig) UsernameClaim() string
type EksCloudwatchLogConfig ¶ added in v1.0.0
type ElasticsearchConfiguration ¶ added in v1.25.0
type ElasticsearchConfiguration struct { LogStorage *operatorv1.LogStorage Installation *operatorv1.InstallationSpec ManagementCluster *operatorv1.ManagementCluster ManagementClusterConnection *operatorv1.ManagementClusterConnection Elasticsearch *esv1.Elasticsearch Kibana *kbv1.Kibana ClusterConfig *relasticsearch.ClusterConfig ElasticsearchSecrets []*corev1.Secret KibanaCertSecret *corev1.Secret KibanaInternalCertSecret *corev1.Secret PullSecrets []*corev1.Secret Provider operatorv1.Provider CuratorSecrets []*corev1.Secret ESService *corev1.Service KbService *corev1.Service ClusterDomain string BaseURL string // BaseUrl is where the manager is reachable, for setting Kibana publicBaseUrl ElasticLicenseType ElasticsearchLicenseType }
ElasticsearchConfiguration contains all the config information needed to render the component.
type ElasticsearchLicenseType ¶ added in v1.14.0
type ElasticsearchLicenseType string
type FluentdConfiguration ¶ added in v1.25.0
type FluentdConfiguration struct { LogCollector *operatorv1.LogCollector ESSecrets []*corev1.Secret ESClusterConfig *relasticsearch.ClusterConfig S3Credential *S3Credential SplkCredential *SplunkCredential Filters *FluentdFilters EKSConfig *EksCloudwatchLogConfig PullSecrets []*corev1.Secret Installation *operatorv1.InstallationSpec ClusterDomain string OSType rmeta.OSType MetricsServerTLS certificatemanagement.KeyPairInterface TrustedBundle certificatemanagement.TrustedBundle }
FluentdConfiguration contains all the config information needed to render the component.
type FluentdFilters ¶ added in v1.0.0
type GuardianComponent ¶ added in v1.2.0
type GuardianComponent struct {
// contains filtered or unexported fields
}
func (*GuardianComponent) Objects ¶ added in v1.2.0
func (c *GuardianComponent) Objects() ([]client.Object, []client.Object)
func (*GuardianComponent) Ready ¶ added in v1.2.0
func (c *GuardianComponent) Ready() bool
func (*GuardianComponent) ResolveImages ¶ added in v1.14.0
func (c *GuardianComponent) ResolveImages(is *operatorv1.ImageSet) error
func (*GuardianComponent) SupportedOSType ¶ added in v1.11.0
func (c *GuardianComponent) SupportedOSType() rmeta.OSType
type GuardianConfiguration ¶ added in v1.25.0
type GuardianConfiguration struct { URL string PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec TunnelSecret *corev1.Secret TrustedCertBundle certificatemanagement.TrustedBundle }
GuardianConfiguration contains all the config information needed to render the component.
type IntrusionDetectionConfiguration ¶ added in v1.25.0
type IntrusionDetectionConfiguration struct { LogCollector *operatorv1.LogCollector ESSecrets []*corev1.Secret Installation *operatorv1.InstallationSpec ESClusterConfig *relasticsearch.ClusterConfig PullSecrets []*corev1.Secret Openshift bool ClusterDomain string ESLicenseType ElasticsearchLicenseType ManagedCluster bool HasNoLicense bool TrustedCertBundle certificatemanagement.TrustedBundle ADAPIServerCertSecret certificatemanagement.KeyPairInterface }
IntrusionDetectionConfiguration contains all the config information needed to render the component.
type ManagerConfiguration ¶ added in v1.25.0
type ManagerConfiguration struct { KeyValidatorConfig authentication.KeyValidatorConfig ESSecrets []*corev1.Secret KibanaSecrets []*corev1.Secret TrustedCertBundle certificatemanagement.TrustedBundle ESClusterConfig *relasticsearch.ClusterConfig TLSKeyPair certificatemanagement.KeyPairInterface PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec ManagementCluster *operatorv1.ManagementCluster TunnelSecret certificatemanagement.KeyPairInterface InternalTrafficSecret certificatemanagement.KeyPairInterface ClusterDomain string ESLicenseType ElasticsearchLicenseType Replicas *int32 ComplianceFeatureActive bool }
ManagerConfiguration contains all the config information needed to render the component.
type NamespaceConfiguration ¶ added in v1.25.0
type NamespaceConfiguration struct { Installation *operatorv1.InstallationSpec PullSecrets []*corev1.Secret Terminating bool }
NamespaceConfiguration contains all the config information needed to render the component.
type NodeConfiguration ¶ added in v1.22.0
type NodeConfiguration struct { K8sServiceEp k8sapi.ServiceEndpoint Installation *operatorv1.InstallationSpec TLS *TyphaNodeTLS ClusterDomain string // Optional fields. AmazonCloudIntegration *operatorv1.AmazonCloudIntegration LogCollector *operatorv1.LogCollector MigrateNamespaces bool NodeAppArmorProfile string BirdTemplates map[string]string NodeReporterMetricsPort int // Indicates node is being terminated, so remove most resources but // leave RBAC and SA to allow any CNI plugin calls to continue to function // For details on why this is needed see 'Node and Installation finalizer' in the core_controller. Terminating bool PrometheusServerTLS certificatemanagement.KeyPairInterface // BGPLayouts is returned by the rendering code after modifying its namespace // so that it can be deployed into the cluster. // TODO: The controller should pass the contents, the renderer should build its own // configmap, rather than this "copy" semantic. BGPLayouts *corev1.ConfigMap // The health port that Felix should bind to. The controller reads FelixConfiguration // and sets this. FelixHealthPort int // The bindMode read from the default BGPConfiguration. Used to trigger rolling updates // should this value change. BindMode string }
NodeConfiguration is the public API used to provide information to the render code to generate Kubernetes objects for installing calico/node on a cluster.
type PacketCaptureApiConfiguration ¶ added in v1.25.0
type PacketCaptureApiConfiguration struct { PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec KeyValidatorConfig authentication.KeyValidatorConfig ServerCertSecret certificatemanagement.KeyPairInterface TrustedBundle certificatemanagement.TrustedBundle ClusterDomain string }
PacketCaptureApiConfiguration contains all the config information needed to render the component.
type Renderer ¶
type Renderer interface {
Render() []Component
}
A Renderer is capable of generating components to be installed on the cluster.
type S3Credential ¶ added in v1.0.0
type SplunkCredential ¶ added in v1.4.0
type TyphaConfiguration ¶ added in v1.22.0
type TyphaConfiguration struct { K8sServiceEp k8sapi.ServiceEndpoint Installation *operatorv1.InstallationSpec TLS *TyphaNodeTLS AmazonCloudIntegration *operatorv1.AmazonCloudIntegration MigrateNamespaces bool ClusterDomain string // The health port that Felix is bound to. We configure Typha to bind to the port // that is one less. FelixHealthPort int }
TyphaConfiguration is the public API used to provide information to the render code to generate Kubernetes objects for installing calico/typha on a cluster.
type TyphaNodeTLS ¶ added in v1.0.0
type TyphaNodeTLS struct { TrustedBundle certificatemanagement.TrustedBundle TyphaSecret certificatemanagement.KeyPairInterface TyphaCommonName string TyphaURISAN string NodeSecret certificatemanagement.KeyPairInterface NodeCommonName string NodeURISAN string }
TyphaNodeTLS holds configuration for Node and Typha to establish TLS.
type WindowsConfig ¶ added in v1.26.0
type WindowsConfig struct { Installation *operatorv1.InstallationSpec Terminating bool }
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
THIS IS A GENERATED FILE, PLEASE DO NOT EDIT.
|
THIS IS A GENERATED FILE, PLEASE DO NOT EDIT. |
common
|
|
intrusiondetection
|
|
logstorage
|
|