Documentation ¶
Overview ¶
This renderer is responsible for all resources related to a Guardian Deployment in a multicluster setup.
Index ¶
- Constants
- Variables
- func APIServerServiceAccountName(v operatorv1.ProductVariant) string
- func CreateCertificateConfigMap(caPem string, secretName string, namespace string) *corev1.ConfigMap
- func CreateCertificateSecret(caPem []byte, secretName string, namespace string) *corev1.Secret
- func CreateDexClientSecret() *corev1.Secret
- func CreateElasticsearchKeystoreSecret() *corev1.Secret
- func CreateNamespace(name string, provider operatorv1.Provider, pss PodSecurityStandard) *corev1.Namespace
- func GetIPv4Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
- func GetIPv6Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
- func GetLinseedTokenPath(managedCluster bool) string
- func GetTigeraSecurityGroupEnvVariables(aci *operatorv1.AmazonCloudIntegration) []corev1.EnvVar
- func NewDexKeyValidatorConfig(authentication *oprv1.Authentication, idpSecret *corev1.Secret, ...) authentication.KeyValidatorConfig
- func ProjectCalicoAPIServerServiceName(v operatorv1.ProductVariant) string
- func ProjectCalicoAPIServerTLSSecretName(v operatorv1.ProductVariant) string
- func SetClusterCriticalPod(t *corev1.PodTemplateSpec)
- func SetTestLogger(l logr.Logger)
- type APIServerConfiguration
- type AWSSGSetupConfiguration
- type AmazonCloudIntegrationConfiguration
- type AmazonCredential
- type CSIConfiguration
- type ComplianceConfiguration
- type Component
- func APIServer(cfg *APIServerConfiguration) (Component, error)
- func APIServerPolicy(cfg *APIServerConfiguration) Component
- func AWSSecurityGroupSetup(cfg *AWSSGSetupConfiguration) (Component, error)
- func AmazonCloudIntegration(cfg *AmazonCloudIntegrationConfiguration) Component
- func CSI(cfg *CSIConfiguration) Component
- func Compliance(cfg *ComplianceConfiguration) (Component, error)
- func Dex(cfg *DexComponentConfiguration) Component
- func Fluentd(cfg *FluentdConfiguration) Component
- func Guardian(cfg *GuardianConfiguration) Component
- func GuardianPolicy(cfg *GuardianConfiguration) (Component, error)
- func IntrusionDetection(cfg *IntrusionDetectionConfiguration) Component
- func LogStorage(cfg *ElasticsearchConfiguration) Component
- func Manager(cfg *ManagerConfiguration) (Component, error)
- func Namespaces(cfg *NamespaceConfiguration) Component
- func NewDeletionPassthrough(objs ...client.Object) Component
- func NewPassthrough(objs ...client.Object) Component
- func Node(cfg *NodeConfiguration) Component
- func PacketCaptureAPI(cfg *PacketCaptureApiConfiguration) Component
- func PacketCaptureAPIPolicy(cfg *PacketCaptureApiConfiguration) Component
- func PolicyRecommendation(cfg *PolicyRecommendationConfiguration) Component
- func Typha(cfg *TyphaConfiguration) Component
- func Windows(cfg *WindowsConfig) Component
- type DexComponentConfiguration
- type DexConfig
- type DexKeyValidatorConfig
- func (d DexKeyValidatorConfig) BaseURL() string
- func (d DexKeyValidatorConfig) ClientID() string
- func (d DexKeyValidatorConfig) ClientSecret() []byte
- func (d DexKeyValidatorConfig) Issuer() string
- func (d DexKeyValidatorConfig) RedirectURIs() []string
- func (d DexKeyValidatorConfig) RequestedScopes() []string
- func (d *DexKeyValidatorConfig) RequiredAnnotations() map[string]string
- func (d DexKeyValidatorConfig) RequiredConfigMaps(string) []*corev1.ConfigMap
- func (d *DexKeyValidatorConfig) RequiredEnv(prefix string) []corev1.EnvVar
- func (d DexKeyValidatorConfig) RequiredSecrets(namespace string) []*corev1.Secret
- func (d *DexKeyValidatorConfig) RequiredVolumeMounts() []corev1.VolumeMount
- func (d *DexKeyValidatorConfig) RequiredVolumes() []corev1.Volume
- func (d DexKeyValidatorConfig) UsernameClaim() string
- type EksCloudwatchLogConfig
- type ElasticsearchConfiguration
- type ElasticsearchLicenseType
- type FluentdConfiguration
- type FluentdFilters
- type GuardianComponent
- type GuardianConfiguration
- type IntrusionDetectionConfiguration
- type ManagerConfiguration
- type NamespaceConfiguration
- type NodeConfiguration
- type PacketCaptureApiConfiguration
- type PodSecurityStandard
- type PolicyRecommendationConfiguration
- type Renderer
- type S3Credential
- type SplunkCredential
- type TyphaConfiguration
- type TyphaNodeTLS
- type WindowsConfig
Constants ¶
const ( AmazonCloudIntegrationNamespace = "tigera-amazon-cloud-integration" AmazonCloudIntegrationComponentName = "tigera-amazon-cloud-integration" AmazonCloudIntegrationCredentialName = "amazon-cloud-integration-credentials" AmazonCloudCredentialKeyIdName = "key-id" AmazonCloudCredentialKeySecretName = "key-secret" )
const ( APIServerPort = 5443 APIServerPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "cnx-apiserver-access" )
const ( QueryServerPort = 8080 QueryserverNamespace = "tigera-system" QueryserverServiceName = "tigera-api" // Use the same API server container name for both OSS and Enterprise. APIServerContainerName = "calico-apiserver" TigeraAPIServerQueryServerContainerName = "tigera-queryserver" )
const ( ComplianceNamespace = "tigera-compliance" ComplianceServiceName = "compliance" ComplianceServerName = "compliance-server" ComplianceControllerName = "compliance-controller" ComplianceSnapshotterName = "compliance-snapshotter" ComplianceReporterName = "compliance-reporter" ComplianceBenchmarkerName = "compliance-benchmarker" ComplianceAccessPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "compliance-access" ComplianceServerPolicyName = networkpolicy.TigeraComponentPolicyPrefix + ComplianceServerName // ServiceAccount names. ComplianceServerServiceAccount = "tigera-compliance-server" ComplianceSnapshotterServiceAccount = "tigera-compliance-snapshotter" ComplianceBenchmarkerServiceAccount = "tigera-compliance-benchmarker" ComplianceReporterServiceAccount = "tigera-compliance-reporter" ComplianceControllerServiceAccount = "tigera-compliance-controller" )
const ( ElasticsearchComplianceBenchmarkerUserSecret = "tigera-ee-compliance-benchmarker-elasticsearch-access" ElasticsearchComplianceControllerUserSecret = "tigera-ee-compliance-controller-elasticsearch-access" ElasticsearchComplianceReporterUserSecret = "tigera-ee-compliance-reporter-elasticsearch-access" ElasticsearchComplianceSnapshotterUserSecret = "tigera-ee-compliance-snapshotter-elasticsearch-access" ElasticsearchComplianceServerUserSecret = "tigera-ee-compliance-server-elasticsearch-access" ElasticsearchCuratorUserSecret = "tigera-ee-curator-elasticsearch-access" ComplianceServerCertSecret = "tigera-compliance-server-tls" ComplianceSnapshotterSecret = "tigera-compliance-snapshotter-tls" ComplianceBenchmarkerSecret = "tigera-compliance-benchmarker-tls" ComplianceControllerSecret = "tigera-compliance-controller-tls" ComplianceReporterSecret = "tigera-compliance-reporter-tls" )
const ( CSIDriverName = "csi.tigera.io" CSIDaemonSetName = "csi-node-driver" CSIDaemonSetNamespace = "calico-system" CSIContainerName = "calico-csi" CSIRegistrarContainerName = "csi-node-driver-registrar" )
const ( DexNamespace = "tigera-dex" DexObjectName = "tigera-dex" DexPodSecurityPolicyName = "tigera-dex" DexPort = 5556 DexTLSSecretName = "tigera-dex-tls" DexClientId = "tigera-manager" DexPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "allow-tigera-dex" )
const ( ClientSecretSecretField = "clientSecret" RootCASecretField = "rootCA" OIDCSecretName = "tigera-oidc-credentials" OpenshiftSecretName = "tigera-openshift-credentials" LDAPSecretName = "tigera-ldap-credentials" ClientIDSecretField = "clientID" BindDNSecretField = "bindDN" BindPWSecretField = "bindPW" // Default claims to use to data from a JWT. DefaultGroupsClaim = "groups" )
const ( LogCollectorNamespace = "tigera-fluentd" FluentdFilterConfigMapName = "fluentd-filters" FluentdFilterFlowName = "flow" FluentdFilterDNSName = "dns" S3FluentdSecretName = "log-collector-s3-credentials" S3KeyIdName = "key-id" S3KeySecretName = "key-secret" // FluentdPrometheusTLSSecretName is the name of the secret containing the key pair fluentd presents to identify itself. // Somewhat confusingly, this is named the prometheus TLS key pair because that was the first // use-case for this credential. However, it is used on all TLS connections served by fluentd. FluentdPrometheusTLSSecretName = "tigera-fluentd-prometheus-tls" FluentdMetricsService = "fluentd-metrics" FluentdMetricsPortName = "fluentd-metrics-port" FluentdMetricsPort = 9081 FluentdPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "allow-fluentd-node" ElasticsearchLogCollectorUserSecret = "tigera-fluentd-elasticsearch-access" ElasticsearchEksLogForwarderUserSecret = "tigera-eks-log-forwarder-elasticsearch-access" EksLogForwarderSecret = "tigera-eks-log-forwarder-secret" EksLogForwarderAwsId = "aws-id" EksLogForwarderAwsKey = "aws-key" SplunkFluentdTokenSecretName = "logcollector-splunk-credentials" SplunkFluentdSecretTokenKey = "token" SplunkFluentdCertificateSecretName = "logcollector-splunk-public-certificate" SplunkFluentdSecretCertificateKey = "ca.pem" SplunkFluentdSecretsVolName = "splunk-certificates" SplunkFluentdDefaultCertDir = "/etc/pki/splunk/" SplunkFluentdDefaultCertPath = SplunkFluentdDefaultCertDir + SplunkFluentdSecretCertificateKey SysLogPublicCADir = "/etc/pki/tls/certs/" SysLogPublicCertKey = "ca-bundle.crt" SysLogPublicCAPath = SysLogPublicCADir + SysLogPublicCertKey SyslogCAConfigMapName = "syslog-ca" // Constants for Linseed token volume mounting in managed clusters. LinseedTokenVolumeName = "linseed-token" LinseedTokenKey = "token" LinseedTokenSubPath = "token" LinseedTokenSecret = "%s-tigera-linseed-token" LinseedVolumeMountPath = "/var/run/secrets/tigera.io/linseed/" LinseedTokenPath = "/var/run/secrets/tigera.io/linseed/token" FluentdNodeName = "fluentd-node" EKSLogForwarderName = "eks-log-forwarder" EKSLogForwarderTLSSecretName = "tigera-eks-log-forwarder-tls" PacketCaptureAPIRole = "packetcapture-api-role" PacketCaptureAPIRoleBinding = "packetcapture-api-role-binding" )
const ( GuardianName = "tigera-guardian" GuardianNamespace = GuardianName GuardianServiceAccountName = GuardianName GuardianClusterRoleName = GuardianName GuardianClusterRoleBindingName = GuardianName GuardianDeploymentName = GuardianName GuardianPodSecurityPolicyName = GuardianName GuardianServiceName = "tigera-guardian" GuardianVolumeName = "tigera-guardian-certs" GuardianSecretName = "tigera-managed-cluster-connection" GuardianTargetPort = 8080 GuardianPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "guardian-access" )
The names of the components related to the Guardian related rendered objects.
const ( IntrusionDetectionNamespace = "tigera-intrusion-detection" IntrusionDetectionName = "intrusion-detection-controller" AnomalyDetectorsName = "anomaly-detectors" ElasticsearchIntrusionDetectionUserSecret = "tigera-ee-intrusion-detection-elasticsearch-access" ElasticsearchIntrusionDetectionJobUserSecret = "tigera-ee-installer-elasticsearch-access" ElasticsearchADJobUserSecret = "tigera-ee-ad-job-elasticsearch-access" ElasticsearchPerformanceHotspotsUserSecret = "tigera-ee-performance-hotspots-elasticsearch-access" IntrusionDetectionInstallerJobName = "intrusion-detection-es-job-installer" IntrusionDetectionControllerName = "intrusion-detection-controller" IntrusionDetectionControllerPolicyName = networkpolicy.TigeraComponentPolicyPrefix + IntrusionDetectionControllerName IntrusionDetectionInstallerPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "intrusion-detection-elastic" ADAPIObjectName = "anomaly-detection-api" ADAPIPodSecurityPolicyName = "anomaly-detection-api" ADAPIObjectPortName = "anomaly-detection-api-https" ADAPITLSSecretName = "anomaly-detection-api-tls" IntrusionDetectionTLSSecretName = "intrusion-detection-tls" AnomalyDetectorTLSSecretName = "anomaly-detector-tls" DPITLSSecretName = "deep-packet-inspection-tls" ADAPIExpectedServiceName = "anomaly-detection-api.tigera-intrusion-detection.svc" ADAPIPolicyName = networkpolicy.TigeraComponentPolicyPrefix + ADAPIObjectName ADPersistentVolumeClaimName = "tigera-anomaly-detection" DefaultAnomalyDetectionPVRequestSizeGi = "10Gi" ADJobPodTemplateBaseName = "tigera.io.detectors" ADDetectorPolicyName = networkpolicy.TigeraComponentPolicyPrefix + adDetectorName ADResourceGroup = "detectors.tigera.io" ADDetectorsModelResourceName = "models" ADLogTypeMetaDataResourceName = "metadata" )
const ( ECKOperatorName = "elastic-operator" ECKOperatorNamespace = "tigera-eck-operator" ECKLicenseConfigMapName = "elastic-licensing" ECKOperatorPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "elastic-operator-access" ECKEnterpriseTrial = "eck-trial-license" ElasticsearchObjectName = "tigera-elasticsearch" ElasticsearchNamespace = ElasticsearchObjectName // TigeraLinseedSecret is the name of the secret that holds the TLS key pair mounted into Linseed. // The secret contains server key and certificate. TigeraLinseedSecret = "tigera-secure-linseed-cert" // TigeraLinseedTokenSecret is the name of the secret that holds the access token signing key for Linseed. TigeraLinseedTokenSecret = "tigera-secure-linseed-token-tls" // TigeraElasticsearchGatewaySecret is the TLS key pair that is mounted by Elasticsearch gateway. TigeraElasticsearchGatewaySecret = "tigera-secure-elasticsearch-cert" // TigeraElasticsearchInternalCertSecret is the TLS key pair that is mounted by the Elasticsearch pods. TigeraElasticsearchInternalCertSecret = "tigera-secure-internal-elasticsearch-cert" // TigeraKibanaCertSecret is the TLS key pair that is mounted by the Kibana pods. TigeraKibanaCertSecret = "tigera-secure-kibana-cert" // Linseed vars. LinseedServiceName = "tigera-linseed" ElasticsearchName = "tigera-secure" ElasticsearchServiceName = "tigera-secure-es-http" ESGatewayServiceName = "tigera-secure-es-gateway-http" ElasticsearchDefaultPort = 9200 ElasticsearchInternalPort = 9300 ElasticsearchOperatorUserSecret = "tigera-ee-operator-elasticsearch-access" ElasticsearchAdminUserSecret = "tigera-secure-es-elastic-user" ElasticsearchLinseedUserSecret = "tigera-ee-linseed-elasticsearch-user-secret" ElasticsearchPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "elasticsearch-access" ElasticsearchInternalPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "elasticsearch-internal" KibanaName = "tigera-secure" KibanaObjectName = "tigera-kibana" KibanaNamespace = KibanaObjectName KibanaBasePath = KibanaObjectName KibanaServiceName = "tigera-secure-kb-http" KibanaDefaultRoute = "/app/kibana#/dashboards?%s&title=%s" KibanaPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "kibana-access" KibanaPort = 5601 DefaultElasticsearchClusterName = "cluster" DefaultElasticsearchReplicas = 0 DefaultElasticStorageGi = 10 EsCuratorName = "elastic-curator" EsCuratorServiceAccount = "tigera-elastic-curator" EsCuratorPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "allow-elastic-curator" OIDCUsersConfigMapName = "tigera-known-oidc-users" OIDCUsersEsSecreteName = "tigera-oidc-users-elasticsearch-credentials" ElasticsearchLicenseTypeBasic ElasticsearchLicenseType = "basic" ElasticsearchLicenseTypeEnterprise ElasticsearchLicenseType = "enterprise" ElasticsearchLicenseTypeEnterpriseTrial ElasticsearchLicenseType = "enterprise_trial" ElasticsearchLicenseTypeUnknown ElasticsearchLicenseType = "" EsManagerRole = "es-manager" EsManagerRoleBinding = "es-manager" KibanaTLSAnnotationHash = "hash.operator.tigera.io/kb-secrets" ElasticsearchTLSHashAnnotation = "hash.operator.tigera.io/es-secrets" TimeFilter = "_g=(time:(from:now-24h,to:now))" FlowsDashboardName = "Tigera Secure EE Flow Logs" )
const ( // ElasticsearchKeystoreSecret Currently only used when FIPS mode is enabled, we need to initialize the keystore with a password. ElasticsearchKeystoreSecret = "tigera-secure-elasticsearch-keystore" ElasticsearchKeystoreEnvName = "KEYSTORE_PASSWORD" ElasticsearchKeystoreHashAnnotation = "hash.operator.tigera.io/keystore-password" )
const ( ManagerServiceName = "tigera-manager" ManagerDeploymentName = "tigera-manager" ManagerNamespace = "tigera-manager" ManagerServiceAccount = "tigera-manager" ManagerClusterRole = "tigera-manager-role" ManagerClusterRoleBinding = "tigera-manager-binding" ManagerTLSSecretName = "manager-tls" ManagerInternalTLSSecretName = "internal-manager-tls" ManagerPolicyName = networkpolicy.TigeraComponentPolicyPrefix + "manager-access" // The name of the TLS certificate used by Voltron to authenticate connections from managed // cluster clients talking to Linseed. VoltronLinseedTLS = "tigera-voltron-linseed-tls" VoltronLinseedPublicCert = "tigera-voltron-linseed-certs-public" ManagerClusterSettings = "cluster-settings" ManagerUserSettings = "user-settings" ManagerClusterSettingsLayerTigera = "cluster-settings.layer.tigera-infrastructure" ManagerClusterSettingsViewDefault = "cluster-settings.view.default" ElasticsearchManagerUserSecret = "tigera-ee-manager-elasticsearch-access" TlsSecretHashAnnotation = "hash.operator.tigera.io/tls-secret" KibanaTLSHashAnnotation = "hash.operator.tigera.io/kibana-secrets" ElasticsearchUserHashAnnotation = "hash.operator.tigera.io/elasticsearch-user" )
const ( VoltronName = "tigera-voltron" VoltronTunnelSecretName = "tigera-management-cluster-connection" )
ManagementClusterConnection configuration constants
const ( PSSPrivileged = "privileged" PSSBaseline = "baseline" PSSRestricted = "restricted" )
const ( BirdTemplatesConfigMapName = "bird-templates" CSRLabelCalicoSystem = "calico-system" BGPLayoutConfigMapName = "bgp-layout" BGPLayoutConfigMapKey = "earlyNetworkConfiguration" BGPLayoutVolumeName = "bgp-layout" BGPLayoutPath = "/etc/calico/early-networking.yaml" K8sSvcEndpointConfigMapName = "kubernetes-services-endpoint" NodeFinalizer = "tigera.io/cni-protector" CalicoNodeMetricsService = "calico-node-metrics" NodePrometheusTLSServerSecret = "calico-node-prometheus-server-tls" CalicoNodeObjectName = "calico-node" CalicoCNIPluginObjectName = "calico-cni-plugin" )
const ( PacketCaptureContainerName = "tigera-packetcapture-server" PacketCaptureName = "tigera-packetcapture" PacketCaptureNamespace = PacketCaptureName PacketCaptureServiceAccountName = PacketCaptureName PacketCaptureClusterRoleName = PacketCaptureName PacketCaptureClusterRoleBindingName = PacketCaptureName PacketCaptureDeploymentName = PacketCaptureName PacketCaptureServiceName = PacketCaptureName PacketCapturePodSecurityPolicyName = PacketCaptureName PacketCapturePolicyName = networkpolicy.TigeraComponentPolicyPrefix + PacketCaptureName PacketCapturePort = 8444 PacketCaptureCertSecret = "tigera-packetcapture-server-tls" )
The names of the components related to the PacketCapture APIs related rendered objects.
const ( ElasticsearchPolicyRecommendationUserSecret = "tigera-ee-policy-recommendation-elasticsearch-access" PolicyRecommendationName = "tigera-policy-recommendation" PolicyRecommendationNamespace = PolicyRecommendationName PolicyRecommendationPodSecurityPolicyName = PolicyRecommendationName PolicyRecommendationPolicyName = networkpolicy.TigeraComponentPolicyPrefix + PolicyRecommendationName PolicyRecommendationTLSSecretName = "policy-recommendation-tls" )
The names of the components related to the PolicyRecommendation APIs related rendered objects.
const ( TyphaServiceName = "calico-typha" TyphaPortName = "calico-typha" TyphaK8sAppName = "calico-typha" TyphaServiceAccountName = "calico-typha" AppLabelName = "k8s-app" TyphaPort int32 = 5473 TyphaContainerName = "calico-typha" )
const TigeraAWSSGSetupName = "tigera-aws-security-group-setup"
Variables ¶
var ( ComplianceServerEntityRule = networkpolicy.CreateEntityRule(ComplianceNamespace, ComplianceServerName, complianceServerPort) ComplianceServerSourceEntityRule = networkpolicy.CreateSourceEntityRule(ComplianceNamespace, ComplianceServerName) ComplianceBenchmarkerSourceEntityRule = networkpolicy.CreateSourceEntityRule(ComplianceNamespace, ComplianceBenchmarkerName) ComplianceControllerSourceEntityRule = networkpolicy.CreateSourceEntityRule(ComplianceNamespace, ComplianceControllerName) ComplianceSnapshotterSourceEntityRule = networkpolicy.CreateSourceEntityRule(ComplianceNamespace, ComplianceSnapshotterName) ComplianceReporterSourceEntityRule = networkpolicy.CreateSourceEntityRule(ComplianceNamespace, ComplianceReporterName) )
var ( GuardianEntityRule = networkpolicy.CreateEntityRule(GuardianNamespace, GuardianDeploymentName, GuardianTargetPort) GuardianSourceEntityRule = networkpolicy.CreateSourceEntityRule(GuardianNamespace, GuardianDeploymentName) GuardianServiceSelectorEntityRule = networkpolicy.CreateServiceSelectorEntityRule(GuardianNamespace, GuardianName) )
var ( ElasticsearchSelector = fmt.Sprintf("elasticsearch.k8s.elastic.co/cluster-name == '%s'", ElasticsearchName) ElasticsearchEntityRule = v3.EntityRule{ NamespaceSelector: fmt.Sprintf("projectcalico.org/name == '%s'", ElasticsearchNamespace), Selector: ElasticsearchSelector, Ports: []numorstring.Port{{MinPort: ElasticsearchDefaultPort, MaxPort: ElasticsearchDefaultPort}}, } )
var ( KibanaEntityRule = networkpolicy.CreateEntityRule(KibanaNamespace, KibanaName, KibanaPort) KibanaSourceEntityRule = networkpolicy.CreateSourceEntityRule(KibanaNamespace, KibanaName) ECKOperatorSourceEntityRule = networkpolicy.CreateSourceEntityRule(ECKOperatorNamespace, ECKOperatorName) ESCuratorSourceEntityRule = networkpolicy.CreateSourceEntityRule(ElasticsearchNamespace, EsCuratorName) )
var ( ManagerEntityRule = networkpolicy.CreateEntityRule(ManagerNamespace, ManagerDeploymentName, managerPort) ManagerSourceEntityRule = networkpolicy.CreateSourceEntityRule(ManagerNamespace, ManagerDeploymentName) )
var ( PacketCaptureEntityRule = networkpolicy.CreateEntityRule(PacketCaptureNamespace, PacketCaptureDeploymentName, PacketCapturePort) PacketCaptureSourceEntityRule = networkpolicy.CreateSourceEntityRule(PacketCaptureNamespace, PacketCaptureDeploymentName) )
var ( CommonName = "common-name" URISAN = "uri-san" TyphaCommonName = "typha-server" FelixCommonName = "typha-client" NodePriorityClassName = "system-node-critical" ClusterPriorityClassName = "system-cluster-critical" )
var ( TyphaTLSSecretName = "typha-certs" TyphaCAConfigMapName = "typha-ca" TyphaCABundleName = "caBundle" )
var DexEntityRule = networkpolicy.CreateEntityRule(DexNamespace, DexObjectName, DexPort)
var EKSLogForwarderEntityRule = networkpolicy.CreateSourceEntityRule(LogCollectorNamespace, EKSLogForwarderName)
var FluentdSourceEntityRule = v3.EntityRule{ NamespaceSelector: fmt.Sprintf("name == '%s'", LogCollectorNamespace), Selector: networkpolicy.KubernetesAppSelector(FluentdNodeName, fluentdNodeWindowsName), }
var InternalElasticsearchEntityRule = v3.EntityRule{ NamespaceSelector: fmt.Sprintf("projectcalico.org/name == '%s'", ElasticsearchNamespace), Selector: ElasticsearchSelector, Ports: []numorstring.Port{{MinPort: ElasticsearchInternalPort, MaxPort: ElasticsearchInternalPort}}, }
var IntrusionDetectionInstallerSourceEntityRule = v3.EntityRule{ NamespaceSelector: intrusionDetectionNamespaceSelector, Selector: fmt.Sprintf("job-name == '%s'", IntrusionDetectionInstallerJobName), }
var ( IntrusionDetectionSourceEntityRule = v3.EntityRule{ NamespaceSelector: intrusionDetectionNamespaceSelector, Selector: fmt.Sprintf("k8s-app == '%s'", IntrusionDetectionControllerName), } )
Register secret/certs that need Server and Client Key usage
var (
NodeTLSSecretName = "node-certs"
)
var PolicyRecommendationEntityRule = networkpolicy.CreateSourceEntityRule(PolicyRecommendationNamespace, PolicyRecommendationName)
var TigeraAPIServerEntityRule = v3.EntityRule{ Services: &v3.ServiceMatch{ Namespace: QueryserverNamespace, Name: QueryserverServiceName, }, }
Functions ¶
func APIServerServiceAccountName ¶ added in v1.30.0
func APIServerServiceAccountName(v operatorv1.ProductVariant) string
func CreateCertificateConfigMap ¶ added in v1.25.1
func CreateCertificateConfigMap(caPem string, secretName string, namespace string) *corev1.ConfigMap
CreateCertificateConfigMap is a convenience method for creating a configmap that contains only a ca or cert to trust.
func CreateCertificateSecret ¶ added in v1.18.0
CreateCertificateSecret is a convenience method for creating a secret that contains only a ca or cert to trust.
func CreateDexClientSecret ¶ added in v1.12.0
func CreateElasticsearchKeystoreSecret ¶ added in v1.28.2
CreateElasticsearchKeystoreSecret creates a secret to be used for initializing the keystore on Elasticsearch.
func CreateNamespace ¶ added in v1.22.0
func CreateNamespace(name string, provider operatorv1.Provider, pss PodSecurityStandard) *corev1.Namespace
func GetIPv4Pool ¶ added in v1.2.0
func GetIPv4Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
GetIPv4Pool returns the IPv4 IPPool in an installation, or nil if one can't be found.
func GetIPv6Pool ¶ added in v1.2.0
func GetIPv6Pool(pools []operatorv1.IPPool) *operatorv1.IPPool
GetIPv6Pool returns the IPv6 IPPool in an installation, or nil if one can't be found.
func GetLinseedTokenPath ¶ added in v1.30.0
func GetTigeraSecurityGroupEnvVariables ¶ added in v1.8.0
func GetTigeraSecurityGroupEnvVariables(aci *operatorv1.AmazonCloudIntegration) []corev1.EnvVar
func NewDexKeyValidatorConfig ¶ added in v1.12.0
func NewDexKeyValidatorConfig( authentication *oprv1.Authentication, idpSecret *corev1.Secret, clusterDomain string) authentication.KeyValidatorConfig
func ProjectCalicoAPIServerServiceName ¶ added in v1.30.0
func ProjectCalicoAPIServerServiceName(v operatorv1.ProductVariant) string
func ProjectCalicoAPIServerTLSSecretName ¶ added in v1.30.0
func ProjectCalicoAPIServerTLSSecretName(v operatorv1.ProductVariant) string
The following functions are helpers for determining resource names based on the configured product variant.
func SetClusterCriticalPod ¶ added in v1.22.0
func SetClusterCriticalPod(t *corev1.PodTemplateSpec)
func SetTestLogger ¶
Types ¶
type APIServerConfiguration ¶ added in v1.25.0
type APIServerConfiguration struct { K8SServiceEndpoint k8sapi.ServiceEndpoint Installation *operatorv1.InstallationSpec APIServer *operatorv1.APIServerSpec ForceHostNetwork bool ManagementCluster *operatorv1.ManagementCluster ManagementClusterConnection *operatorv1.ManagementClusterConnection AmazonCloudIntegration *operatorv1.AmazonCloudIntegration TLSKeyPair certificatemanagement.KeyPairInterface PullSecrets []*corev1.Secret Openshift bool TunnelCASecret certificatemanagement.KeyPairInterface TrustedBundle certificatemanagement.TrustedBundle // Whether the cluster supports pod security policies. UsePSP bool }
APIServerConfiguration contains all the config information needed to render the component.
type AWSSGSetupConfiguration ¶ added in v1.25.0
type AWSSGSetupConfiguration struct { PullSecrets []corev1.LocalObjectReference Installation *operatorv1.InstallationSpec }
AWSSGSetupConfiguration contains all the config information needed to render the component.
type AmazonCloudIntegrationConfiguration ¶ added in v1.25.0
type AmazonCloudIntegrationConfiguration struct { AmazonCloudIntegration *operatorv1.AmazonCloudIntegration Installation *operatorv1.InstallationSpec Credentials *AmazonCredential PullSecrets []*corev1.Secret TrustedBundle certificatemanagement.TrustedBundle }
AmazonCloudIntegrationConfiguration contains all the config information needed to render the component.
type AmazonCredential ¶ added in v1.8.0
func ConvertSecretToCredential ¶ added in v1.8.0
func ConvertSecretToCredential(s *corev1.Secret) (*AmazonCredential, error)
type CSIConfiguration ¶ added in v1.28.0
type CSIConfiguration struct { Installation *operatorv1.InstallationSpec Terminating bool UsePSP bool OpenShift bool }
type ComplianceConfiguration ¶ added in v1.25.0
type ComplianceConfiguration struct { ESSecrets []*corev1.Secret Installation *operatorv1.InstallationSpec ESClusterConfig *relasticsearch.ClusterConfig PullSecrets []*corev1.Secret Openshift bool ManagementCluster *operatorv1.ManagementCluster ManagementClusterConnection *operatorv1.ManagementClusterConnection KeyValidatorConfig authentication.KeyValidatorConfig ClusterDomain string HasNoLicense bool // Trusted certificate bundle for all compliance pods. TrustedBundle certificatemanagement.TrustedBundle // Key pairs used for mTLS. ServerKeyPair certificatemanagement.KeyPairInterface BenchmarkerKeyPair certificatemanagement.KeyPairInterface ReporterKeyPair certificatemanagement.KeyPairInterface SnapshotterKeyPair certificatemanagement.KeyPairInterface ControllerKeyPair certificatemanagement.KeyPairInterface // Whether the cluster supports pod security policies. UsePSP bool }
ComplianceConfiguration contains all the config information needed to render the component.
type Component ¶
type Component interface { // ResolveImages should call components.GetReference for all images that the Component // needs, passing 'is' to the GetReference call and if there are any errors those // are returned. It is valid to pass nil for 'is' as GetReference accepts the value. // ResolveImages must be called before Objects is called for the component. ResolveImages(is *operatorv1.ImageSet) error // Objects returns the lists of objects in this component that should be created and/or deleted during // rendering. Objects() (objsToCreate, objsToDelete []client.Object) // Ready returns true if the component is ready to be created. Ready() bool // SupportedOSTypes returns operating systems that is supported of the components returned by the Objects() function. // The "componentHandler" converts the returned OSTypes to a node selectors for the "kubernetes.io/os" label on client.Objects // that create pods. Return OSTypeAny means that no node selector should be set for the "kubernetes.io/os" label. SupportedOSType() rmeta.OSType }
func APIServer ¶
func APIServer(cfg *APIServerConfiguration) (Component, error)
func APIServerPolicy ¶ added in v1.28.0
func APIServerPolicy(cfg *APIServerConfiguration) Component
func AWSSecurityGroupSetup ¶ added in v1.0.0
func AWSSecurityGroupSetup(cfg *AWSSGSetupConfiguration) (Component, error)
func AmazonCloudIntegration ¶ added in v1.8.0
func AmazonCloudIntegration(cfg *AmazonCloudIntegrationConfiguration) Component
func CSI ¶ added in v1.28.0
func CSI(cfg *CSIConfiguration) Component
func Compliance ¶
func Compliance(cfg *ComplianceConfiguration) (Component, error)
func Dex ¶ added in v1.12.0
func Dex(cfg *DexComponentConfiguration) Component
func Fluentd ¶ added in v1.0.0
func Fluentd(cfg *FluentdConfiguration) Component
func Guardian ¶ added in v1.2.0
func Guardian(cfg *GuardianConfiguration) Component
func GuardianPolicy ¶ added in v1.28.0
func GuardianPolicy(cfg *GuardianConfiguration) (Component, error)
func IntrusionDetection ¶
func IntrusionDetection(cfg *IntrusionDetectionConfiguration) Component
func LogStorage ¶ added in v1.4.0
func LogStorage(cfg *ElasticsearchConfiguration) Component
LogStorage renders the components necessary for kibana and elasticsearch
func Manager ¶ added in v1.0.0
func Manager(cfg *ManagerConfiguration) (Component, error)
func Namespaces ¶
func Namespaces(cfg *NamespaceConfiguration) Component
func NewDeletionPassthrough ¶ added in v1.29.1
func NewPassthrough ¶ added in v1.22.0
func Node ¶
func Node(cfg *NodeConfiguration) Component
Node creates the node daemonset and other resources for the daemonset to operate normally.
func PacketCaptureAPI ¶ added in v1.21.0
func PacketCaptureAPI(cfg *PacketCaptureApiConfiguration) Component
func PacketCaptureAPIPolicy ¶ added in v1.28.0
func PacketCaptureAPIPolicy(cfg *PacketCaptureApiConfiguration) Component
func PolicyRecommendation ¶ added in v1.30.0
func PolicyRecommendation(cfg *PolicyRecommendationConfiguration) Component
func Typha ¶ added in v1.0.0
func Typha(cfg *TyphaConfiguration) Component
Typha creates the typha daemonset and other resources for the daemonset to operate normally.
func Windows ¶ added in v1.23.0
func Windows( cfg *WindowsConfig, ) Component
type DexComponentConfiguration ¶ added in v1.25.0
type DexComponentConfiguration struct { PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec DexConfig DexConfig ClusterDomain string DeleteDex bool TLSKeyPair certificatemanagement.KeyPairInterface TrustedBundle certificatemanagement.TrustedBundle // Whether the cluster supports pod security policies. UsePSP bool }
DexComponentConfiguration contains all the config information needed to render the component.
type DexConfig ¶ added in v1.12.0
type DexConfig interface { Connector() map[string]interface{} RedirectURIs() []string // RequiredVolumeMounts returns volume mounts that the KeyValidatorConfig implementation requires. RequiredVolumeMounts() []corev1.VolumeMount // RequiredVolumes returns volumes that the KeyValidatorConfig implementation requires. RequiredVolumes() []corev1.Volume authentication.KeyValidatorConfig }
DexConfig is a config for DexIdP itself.
func NewDexConfig ¶ added in v1.12.0
func NewDexConfig( certificateManagement *oprv1.CertificateManagement, authentication *oprv1.Authentication, dexSecret *corev1.Secret, idpSecret *corev1.Secret, clusterDomain string) DexConfig
Create a new DexConfig.
type DexKeyValidatorConfig ¶ added in v1.12.0
type DexKeyValidatorConfig struct {
// contains filtered or unexported fields
}
func (DexKeyValidatorConfig) BaseURL ¶ added in v1.18.0
func (d DexKeyValidatorConfig) BaseURL() string
func (DexKeyValidatorConfig) ClientID ¶ added in v1.18.0
func (d DexKeyValidatorConfig) ClientID() string
func (DexKeyValidatorConfig) ClientSecret ¶ added in v1.18.0
func (d DexKeyValidatorConfig) ClientSecret() []byte
func (DexKeyValidatorConfig) Issuer ¶ added in v1.18.0
func (d DexKeyValidatorConfig) Issuer() string
func (DexKeyValidatorConfig) RedirectURIs ¶ added in v1.18.0
func (d DexKeyValidatorConfig) RedirectURIs() []string
func (DexKeyValidatorConfig) RequestedScopes ¶ added in v1.18.0
func (d DexKeyValidatorConfig) RequestedScopes() []string
func (*DexKeyValidatorConfig) RequiredAnnotations ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredAnnotations() map[string]string
RequiredAnnotations returns the annotations that are relevant for a validator config.
func (DexKeyValidatorConfig) RequiredConfigMaps ¶ added in v1.18.0
func (*DexKeyValidatorConfig) RequiredEnv ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredEnv(prefix string) []corev1.EnvVar
Append variables that are necessary for using the dex authenticator.
func (DexKeyValidatorConfig) RequiredSecrets ¶ added in v1.12.0
func (*DexKeyValidatorConfig) RequiredVolumeMounts ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredVolumeMounts() []corev1.VolumeMount
func (*DexKeyValidatorConfig) RequiredVolumes ¶ added in v1.12.0
func (d *DexKeyValidatorConfig) RequiredVolumes() []corev1.Volume
func (DexKeyValidatorConfig) UsernameClaim ¶ added in v1.18.0
func (d DexKeyValidatorConfig) UsernameClaim() string
type EksCloudwatchLogConfig ¶ added in v1.0.0
type ElasticsearchConfiguration ¶ added in v1.25.0
type ElasticsearchConfiguration struct { LogStorage *operatorv1.LogStorage Installation *operatorv1.InstallationSpec ManagementCluster *operatorv1.ManagementCluster ManagementClusterConnection *operatorv1.ManagementClusterConnection Elasticsearch *esv1.Elasticsearch Kibana *kbv1.Kibana ClusterConfig *relasticsearch.ClusterConfig ElasticsearchUserSecret *corev1.Secret ElasticsearchKeyPair certificatemanagement.KeyPairInterface KibanaKeyPair certificatemanagement.KeyPairInterface PullSecrets []*corev1.Secret Provider operatorv1.Provider CuratorSecrets []*corev1.Secret ESService *corev1.Service KbService *corev1.Service ClusterDomain string BaseURL string // BaseUrl is where the manager is reachable, for setting Kibana publicBaseUrl ElasticLicenseType ElasticsearchLicenseType TrustedBundle certificatemanagement.TrustedBundle UnusedTLSSecret *corev1.Secret ApplyTrial bool KeyStoreSecret *corev1.Secret // Whether the cluster supports pod security policies. UsePSP bool }
ElasticsearchConfiguration contains all the config information needed to render the component.
type ElasticsearchLicenseType ¶ added in v1.14.0
type ElasticsearchLicenseType string
type FluentdConfiguration ¶ added in v1.25.0
type FluentdConfiguration struct { LogCollector *operatorv1.LogCollector ESSecrets []*corev1.Secret ESClusterConfig *relasticsearch.ClusterConfig S3Credential *S3Credential SplkCredential *SplunkCredential Filters *FluentdFilters EKSConfig *EksCloudwatchLogConfig PullSecrets []*corev1.Secret Installation *operatorv1.InstallationSpec ClusterDomain string OSType rmeta.OSType FluentdKeyPair certificatemanagement.KeyPairInterface TrustedBundle certificatemanagement.TrustedBundle ManagedCluster bool // Whether the cluster supports pod security policies. UsePSP bool // Whether to use User provided certificate or not. UseSyslogCertificate bool // EKSLogForwarderKeyPair contains the certificate presented by EKS LogForwarder when communicating with Linseed EKSLogForwarderKeyPair certificatemanagement.KeyPairInterface }
FluentdConfiguration contains all the config information needed to render the component.
type FluentdFilters ¶ added in v1.0.0
type GuardianComponent ¶ added in v1.2.0
type GuardianComponent struct {
// contains filtered or unexported fields
}
func (*GuardianComponent) Objects ¶ added in v1.2.0
func (c *GuardianComponent) Objects() ([]client.Object, []client.Object)
func (*GuardianComponent) Ready ¶ added in v1.2.0
func (c *GuardianComponent) Ready() bool
func (*GuardianComponent) ResolveImages ¶ added in v1.14.0
func (c *GuardianComponent) ResolveImages(is *operatorv1.ImageSet) error
func (*GuardianComponent) SupportedOSType ¶ added in v1.11.0
func (c *GuardianComponent) SupportedOSType() rmeta.OSType
type GuardianConfiguration ¶ added in v1.25.0
type GuardianConfiguration struct { URL string PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec TunnelSecret *corev1.Secret TrustedCertBundle certificatemanagement.TrustedBundle TunnelCAType operatorv1.CAType // Whether the cluster supports pod security policies. UsePSP bool }
GuardianConfiguration contains all the config information needed to render the component.
type IntrusionDetectionConfiguration ¶ added in v1.25.0
type IntrusionDetectionConfiguration struct { IntrusionDetection operatorv1.IntrusionDetection LogCollector *operatorv1.LogCollector ESSecrets []*corev1.Secret Installation *operatorv1.InstallationSpec ESClusterConfig *relasticsearch.ClusterConfig PullSecrets []*corev1.Secret Openshift bool ClusterDomain string ESLicenseType ElasticsearchLicenseType ManagedCluster bool // PVC fields Spec fields are immutable, set to true when an existing AD PVC // is not found as to avoid update failures. ShouldRenderADPVC bool HasNoLicense bool TrustedCertBundle certificatemanagement.TrustedBundle ADAPIServerCertSecret certificatemanagement.KeyPairInterface IntrusionDetectionCertSecret certificatemanagement.KeyPairInterface AnomalyDetectorCertSecret certificatemanagement.KeyPairInterface // Whether the cluster supports pod security policies. UsePSP bool }
IntrusionDetectionConfiguration contains all the config information needed to render the component.
type ManagerConfiguration ¶ added in v1.25.0
type ManagerConfiguration struct { KeyValidatorConfig authentication.KeyValidatorConfig ESSecrets []*corev1.Secret ESClusterConfig *relasticsearch.ClusterConfig PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec ManagementCluster *operatorv1.ManagementCluster // If provided, the KeyPair to used for external connections terminated by Voltron, // and connections from the manager pod to Linseed. TLSKeyPair certificatemanagement.KeyPairInterface // The key pair to use for TLS between Linseed clients in managed clusters and Voltron // in the management cluster. VoltronLinseedKeyPair certificatemanagement.KeyPairInterface // KeyPair used for establishing mTLS tunnel with Guardian. TunnelSecret certificatemanagement.KeyPairInterface // TLS KeyPair used by both Voltron and es-proxy, presented by each as part of the mTLS handshake with // other services within the cluster. This is used in both management and standalone clusters. InternalTLSKeyPair certificatemanagement.KeyPairInterface // Certificate bundle used by the manager pod to verify certificates presented // by clients as part of mTLS authentication. TrustedCertBundle certificatemanagement.TrustedBundle ClusterDomain string ESLicenseType ElasticsearchLicenseType Replicas *int32 Compliance *operatorv1.Compliance ComplianceLicenseActive bool // Whether the cluster supports pod security policies. UsePSP bool }
ManagerConfiguration contains all the config information needed to render the component.
type NamespaceConfiguration ¶ added in v1.25.0
type NamespaceConfiguration struct { Installation *operatorv1.InstallationSpec PullSecrets []*corev1.Secret Terminating bool }
NamespaceConfiguration contains all the config information needed to render the component.
type NodeConfiguration ¶ added in v1.22.0
type NodeConfiguration struct { K8sServiceEp k8sapi.ServiceEndpoint Installation *operatorv1.InstallationSpec TLS *TyphaNodeTLS ClusterDomain string // Optional fields. AmazonCloudIntegration *operatorv1.AmazonCloudIntegration LogCollector *operatorv1.LogCollector MigrateNamespaces bool NodeAppArmorProfile string BirdTemplates map[string]string NodeReporterMetricsPort int // Indicates node is being terminated, so remove most resources but // leave RBAC and SA to allow any CNI plugin calls to continue to function // For details on why this is needed see 'Node and Installation finalizer' in the core_controller. Terminating bool PrometheusServerTLS certificatemanagement.KeyPairInterface // BGPLayouts is returned by the rendering code after modifying its namespace // so that it can be deployed into the cluster. // TODO: The controller should pass the contents, the renderer should build its own // configmap, rather than this "copy" semantic. BGPLayouts *corev1.ConfigMap // The health port that Felix should bind to. The controller reads FelixConfiguration // and sets this. FelixHealthPort int // The bindMode read from the default BGPConfiguration. Used to trigger rolling updates // should this value change. BindMode string // Whether the cluster supports pod security policies. UsePSP bool }
NodeConfiguration is the public API used to provide information to the render code to generate Kubernetes objects for installing calico/node on a cluster.
type PacketCaptureApiConfiguration ¶ added in v1.25.0
type PacketCaptureApiConfiguration struct { PullSecrets []*corev1.Secret Openshift bool Installation *operatorv1.InstallationSpec KeyValidatorConfig authentication.KeyValidatorConfig ServerCertSecret certificatemanagement.KeyPairInterface TrustedBundle certificatemanagement.TrustedBundle ClusterDomain string ManagementClusterConnection *operatorv1.ManagementClusterConnection // Whether the cluster supports pod security policies. UsePSP bool }
PacketCaptureApiConfiguration contains all the config information needed to render the component.
type PodSecurityStandard ¶ added in v1.28.0
type PodSecurityStandard string
type PolicyRecommendationConfiguration ¶ added in v1.30.0
type PolicyRecommendationConfiguration struct { ClusterDomain string ESClusterConfig *relasticsearch.ClusterConfig ESSecrets []*corev1.Secret Installation *operatorv1.InstallationSpec ManagedCluster bool Openshift bool PullSecrets []*corev1.Secret TrustedBundle certificatemanagement.TrustedBundle PolicyRecommendationCertSecret certificatemanagement.KeyPairInterface // Whether the cluster supports pod security policies. UsePSP bool }
PolicyRecommendationConfiguration contains all the config information needed to render the component.
type Renderer ¶
type Renderer interface {
Render() []Component
}
A Renderer is capable of generating components to be installed on the cluster.
type S3Credential ¶ added in v1.0.0
type SplunkCredential ¶ added in v1.4.0
type TyphaConfiguration ¶ added in v1.22.0
type TyphaConfiguration struct { K8sServiceEp k8sapi.ServiceEndpoint Installation *operatorv1.InstallationSpec TLS *TyphaNodeTLS AmazonCloudIntegration *operatorv1.AmazonCloudIntegration MigrateNamespaces bool ClusterDomain string // The health port that Felix is bound to. We configure Typha to bind to the port // that is one less. FelixHealthPort int // Whether the cluster supports pod security policies. UsePSP bool }
TyphaConfiguration is the public API used to provide information to the render code to generate Kubernetes objects for installing calico/typha on a cluster.
type TyphaNodeTLS ¶ added in v1.0.0
type TyphaNodeTLS struct { TrustedBundle certificatemanagement.TrustedBundle TyphaSecret certificatemanagement.KeyPairInterface TyphaCommonName string TyphaURISAN string NodeSecret certificatemanagement.KeyPairInterface NodeCommonName string NodeURISAN string }
TyphaNodeTLS holds configuration for Node and Typha to establish TLS.
type WindowsConfig ¶ added in v1.26.0
type WindowsConfig struct { Installation *operatorv1.InstallationSpec Terminating bool }
Source Files ¶
- amazoncloudintegration.go
- apiserver.go
- aws-securitygroup-setup.go
- compliance.go
- component.go
- crypto_utils.go
- csi.go
- dex.go
- dex_config.go
- fluentd.go
- guardian.go
- intrusion_detection.go
- logstorage.go
- manager.go
- namespaces.go
- node.go
- packet_capture_api.go
- passthru.go
- policyrecommendation.go
- render.go
- typha.go
- windows.go
Directories ¶
Path | Synopsis |
---|---|
THIS IS A GENERATED FILE, PLEASE DO NOT EDIT.
|
THIS IS A GENERATED FILE, PLEASE DO NOT EDIT. |
common
|
|
intrusiondetection
|
|
logstorage
|
|