Documentation ¶
Index ¶
Constants ¶
const ( TigeraElasticsearchUserSecretLabel = "tigera-elasticsearch-user" DefaultElasticsearchShards = 1 // ESGatewaySelectorLabel is used to mark any secret containing credentials for ES gateway with this label key/value. // This will allow ES gateway to watch only the relevant secrets it needs. ESGatewaySelectorLabel = "esgateway.tigera.io/secrets" ESGatewaySelectorLabelValue = "credentials" )
Variables ¶
This section is empty.
Functions ¶
func CalculateFlowShards ¶
func CalculateFlowShards(nodesSpecifications *operatorv1.Nodes, defaultShards int) int
func CreateKubeControllersSecrets ¶
func CreateKubeControllersSecrets(ctx context.Context, esAdminUserSecret *corev1.Secret, esAdminUserName string, cli client.Client) (*corev1.Secret, *corev1.Secret, *corev1.Secret, error)
CreateKubeControllersSecrets checks for the existence of the secrets necessary for Kube controllers to access Elasticsearch through ES gateway and creates them if they are missing. Kube controllers no longer uses admin credentials to make requests directly to Elasticsearch. Instead, gateway credentials are generated and stored in the user secret, a hashed version of the credentials is stored in the tigera-elasticsearch namespace for ES Gateway to retrieve and use to compare the gateway credentials, and a secret containing real admin level credentials is created and stored in the tigera-elasticsearch namespace to be swapped in once ES Gateway has confirmed that the gateway credentials match.
Types ¶
This section is empty.