- func IsPodIdentityAgentInstalled(ctx context.Context, eksAPI awsapi.EKS, clusterName string) (bool, error)
- func MakeAddonPodIdentityStackName(clusterName, addonName, serviceAccountName string) string
- func MakeStackName(clusterName, namespace, serviceAccountName string) string
- type APIDeleter
- type APILister
- type APIUpdater
- type AddonCreator
- type AddonMigrator
- type AddonServiceAccountRoleMapper
- type Creator
- type Deleter
- type EKSAddonsAPI
- type Getter
- type IAMRoleCreator
- type IAMRoleGetter
- type IAMRoleUpdater
- type IRSAv1StackNameResolver
- type IRSAv1StackSummary
- type Identifier
- type Migrator
- type PodIdentityMigrationOptions
- type RoleMigrator
- type RoleUpdateValidator
- type StackCreator
- type StackDeleter
- type StackDescriber
- type StackLister
- type StackUpdater
- type Summary
- type UpdateConfig
- type Updater
Functions ¶
func IsPodIdentityAgentInstalled ¶ added in v0.166.0
func MakeAddonPodIdentityStackName ¶ added in v0.181.0
func MakeStackName ¶
MakeStackName creates a stack name for the specified access entry.
Types ¶
type APIDeleter ¶
type APIDeleter interface {
	// APILister provides the list operation; deletion is performed on associations found through it.
	APILister
	// DeletePodIdentityAssociation deletes a single pod identity association via the EKS API.
	DeletePodIdentityAssociation(ctx context.Context, params *eks.DeletePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.DeletePodIdentityAssociationOutput, error)
}
APIDeleter lists and deletes pod identity associations using the EKS API.
type APILister ¶
type APILister interface {
	// ListPodIdentityAssociations lists pod identity associations via the EKS API.
	ListPodIdentityAssociations(ctx context.Context, params *eks.ListPodIdentityAssociationsInput, optFns ...func(*eks.Options)) (*eks.ListPodIdentityAssociationsOutput, error)
}
APILister lists pod identity associations using the EKS API.
type APIUpdater ¶
type APIUpdater interface {
	// APILister provides the list operation used to locate existing associations.
	APILister
	// DescribePodIdentityAssociation fetches the current state of one association via the EKS API.
	DescribePodIdentityAssociation(ctx context.Context, params *eks.DescribePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.DescribePodIdentityAssociationOutput, error)
	// UpdatePodIdentityAssociation applies changes to one association via the EKS API.
	UpdatePodIdentityAssociation(ctx context.Context, params *eks.UpdatePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.UpdatePodIdentityAssociationOutput, error)
}
APIUpdater updates pod identity associations using the EKS API.
type AddonCreator ¶ added in v0.166.0
type AddonMigrator ¶ added in v0.181.0
type AddonMigrator struct {
	// ClusterName is the name of the EKS cluster whose addons are migrated.
	ClusterName string
	// AddonServiceAccountRoleMapper resolves which addon uses a given service account role ARN.
	AddonServiceAccountRoleMapper AddonServiceAccountRoleMapper
	// IAMRoleGetter looks up IAM roles.
	IAMRoleGetter IAMRoleGetter
	// StackDescriber describes stacks; presumably the IRSAv1 stacks owning the addon roles — confirm against the implementation.
	StackDescriber StackDescriber
	// EKSAddonsAPI is the EKS API subset used to list, describe and update addons.
	EKSAddonsAPI EKSAddonsAPI
	// RoleMigrator produces the tasks that update a role's trust policy for EKS Pod Identity.
	RoleMigrator RoleMigrator
}
AddonMigrator migrates EKS managed addons using IRSAv1 to EKS Pod Identity.
type AddonServiceAccountRoleMapper ¶ added in v0.181.0
AddonServiceAccountRoleMapper maps service account role ARNs to EKS addons.
func CreateAddonServiceAccountRoleMapper ¶ added in v0.181.0
func CreateAddonServiceAccountRoleMapper(ctx context.Context, clusterName string, eksAddonsAPI EKSAddonsAPI) (AddonServiceAccountRoleMapper, error)
CreateAddonServiceAccountRoleMapper creates an AddonServiceAccountRoleMapper that maps service account role ARNs to EKS addons.
func (AddonServiceAccountRoleMapper) AddonForServiceAccountRole ¶ added in v0.181.0
func (m AddonServiceAccountRoleMapper) AddonForServiceAccountRole(roleARN string) *ekstypes.Addon
AddonForServiceAccountRole returns the addon used by roleARN.
type Creator ¶
// Creator creates pod identity associations; see NewCreator, CreatePodIdentityAssociations and CreateTasks.
type Creator struct {
	// contains filtered or unexported fields
}
func NewCreator ¶
func NewCreator(clusterName string, stackCreator StackCreator, eksAPI awsapi.EKS, clientSet kubeclient.Interface) *Creator
func (*Creator) CreatePodIdentityAssociations ¶
func (*Creator) CreateTasks ¶
type Deleter ¶
// A Deleter deletes pod identity associations.
type Deleter struct {
	// ClusterName is the cluster name.
	ClusterName string
	// StackDeleter is used to delete stacks.
	StackDeleter StackDeleter
	// APIDeleter deletes pod identity associations using the EKS API.
	APIDeleter APIDeleter
	// ClientSet is used to delete K8s service accounts.
	ClientSet kubeclient.Interface
}
A Deleter deletes pod identity associations.
func NewDeleter ¶
func NewDeleter(clusterName string, stackDeleter StackDeleter, apiDeleter APIDeleter, clientSet kubeclient.Interface) *Deleter
func (*Deleter) Delete ¶
func (d *Deleter) Delete(ctx context.Context, podIDs []Identifier) error
Delete deletes the specified podIdentityAssociations.
func (*Deleter) DeleteTasks ¶
type EKSAddonsAPI ¶ added in v0.181.0
// EKSAddonsAPI is the subset of the EKS API needed to list, describe and update addons.
type EKSAddonsAPI interface {
	// ListAddons lists the addons installed on a cluster.
	ListAddons(ctx context.Context, params *eks.ListAddonsInput, optFns ...func(*eks.Options)) (*eks.ListAddonsOutput, error)
	// DescribeAddon returns the details of one addon.
	DescribeAddon(ctx context.Context, params *eks.DescribeAddonInput, optFns ...func(*eks.Options)) (*eks.DescribeAddonOutput, error)
	// DescribeAddonConfiguration returns the configuration of one addon.
	DescribeAddonConfiguration(ctx context.Context, params *eks.DescribeAddonConfigurationInput, optFns ...func(*eks.Options)) (*eks.DescribeAddonConfigurationOutput, error)
	// UpdateAddon applies changes to one addon.
	UpdateAddon(ctx context.Context, params *eks.UpdateAddonInput, optFns ...func(*eks.Options)) (*eks.UpdateAddonOutput, error)
}
type IAMRoleCreator ¶ added in v0.181.0
// IAMRoleCreator creates IAM resources for a pod identity association.
type IAMRoleCreator struct {
	// ClusterName is the cluster name.
	ClusterName string
	// StackCreator creates the stack that holds the association's IAM resources.
	StackCreator StackCreator
}
IAMRoleCreator creates IAM resources for a pod identity association.
func (*IAMRoleCreator) Create ¶ added in v0.181.0
func (r *IAMRoleCreator) Create(ctx context.Context, podIdentityAssociation *api.PodIdentityAssociation, addonName string) (string, error)
Create creates IAM resources for podIdentityAssociation. If podIdentityAssociation belongs to an addon, addonName must be non-empty.
type IAMRoleGetter ¶ added in v0.181.0
// IAMRoleGetter is the subset of the IAM API needed to look up a role.
type IAMRoleGetter interface {
	// GetRole fetches one IAM role.
	GetRole(ctx context.Context, params *iam.GetRoleInput, optFns ...func(*iam.Options)) (*iam.GetRoleOutput, error)
}
type IAMRoleUpdater ¶ added in v0.181.0
// IAMRoleUpdater updates IAM resources for pod identity associations.
type IAMRoleUpdater struct {
	// StackUpdater updates CloudFormation stacks.
	StackUpdater StackUpdater
}
IAMRoleUpdater updates IAM resources for pod identity associations.
func (*IAMRoleUpdater) Update ¶ added in v0.181.0
func (u *IAMRoleUpdater) Update(ctx context.Context, podIdentityAssociation api.PodIdentityAssociation, stackName, podIdentityAssociationID string) (string, bool, error)
Update updates IAM resources for podIdentityAssociation and returns an IAM role ARN upon success. The boolean return value reports whether the IAM resources changed.
type IRSAv1StackNameResolver ¶ added in v0.166.0
// IRSAv1StackNameResolver maps a role ARN (the key looked up by GetStack) to a summary of
// the IRSAv1 stack that owns it; Populate fills it from the cluster's IAM service accounts.
type IRSAv1StackNameResolver map[string]IRSAv1StackSummary
func (*IRSAv1StackNameResolver) GetStack ¶ added in v0.166.0
func (r *IRSAv1StackNameResolver) GetStack(roleARN string) (IRSAv1StackSummary, bool)
func (*IRSAv1StackNameResolver) Populate ¶ added in v0.166.0
func (r *IRSAv1StackNameResolver) Populate( getIAMServiceAccounts func() ([]*api.ClusterIAMServiceAccount, error), ) error
type IRSAv1StackSummary ¶ added in v0.166.0
type Identifier ¶
// Identifier represents a pod identity association.
type Identifier struct {
	// Namespace is the namespace the service account belongs to.
	Namespace string
	// ServiceAccountName is the name of the Kubernetes ServiceAccount.
	ServiceAccountName string
}
Identifier represents a pod identity association.
func ToIdentifiers ¶
func ToIdentifiers(podIdentityAssociations []api.PodIdentityAssociation) []Identifier
ToIdentifiers maps a list of PodIdentityAssociations to a list of Identifiers.
func (Identifier) IDString ¶ added in v0.166.0
func (i Identifier) IDString() string
func (Identifier) NameString ¶ added in v0.166.0
func (i Identifier) NameString() string
type Migrator ¶ added in v0.166.0
// Migrator migrates IRSAv1 service accounts to EKS Pod Identity; see NewMigrator and MigrateToPodIdentity.
type Migrator struct {
	// contains filtered or unexported fields
}
func NewMigrator ¶ added in v0.166.0
func NewMigrator( clusterName string, eksAPI awsapi.EKS, iamAPI awsapi.IAM, stackUpdater StackUpdater, clientSet kubernetes.Interface, addonCreator AddonCreator, ) *Migrator
func (*Migrator) MigrateToPodIdentity ¶ added in v0.166.0
func (m *Migrator) MigrateToPodIdentity(ctx context.Context, options PodIdentityMigrationOptions) error
type PodIdentityMigrationOptions ¶ added in v0.166.0
type RoleMigrator ¶ added in v0.181.0
type RoleMigrator interface {
	// UpdateTrustPolicyForOwnedRoleTask returns a task that updates the trust policy of a role
	// owned by the given IRSAv1 stack. removeOIDCProviderTrustRelationship presumably controls
	// whether the OIDC provider principal is dropped from the trust policy, i.e. whether the
	// IRSAv1 path stops being able to assume the role — confirm against the implementation.
	UpdateTrustPolicyForOwnedRoleTask(ctx context.Context, roleName, serviceAccountName string, stack IRSAv1StackSummary, removeOIDCProviderTrustRelationship bool) tasks.Task
	// UpdateTrustPolicyForUnownedRoleTask is the equivalent for a role not managed by an IRSAv1 stack.
	UpdateTrustPolicyForUnownedRoleTask(ctx context.Context, roleName string, removeOIDCProviderTrustRelationship bool) tasks.Task
}
A RoleMigrator updates an IAM role to use EKS Pod Identity.
type RoleUpdateValidator ¶ added in v0.181.0
// RoleUpdateValidator validates role changes to a pod identity association; see ValidateRoleUpdate.
type RoleUpdateValidator struct {
	// StackDescriber describes the stack holding the association's IAM resources, when one exists.
	StackDescriber StackDescriber
}
func (*RoleUpdateValidator) ValidateRoleUpdate ¶ added in v0.181.0
func (r *RoleUpdateValidator) ValidateRoleUpdate(pia api.PodIdentityAssociation, association ekstypes.PodIdentityAssociation, hasStack bool) error
ValidateRoleUpdate validates the role associated with pia.
type StackCreator ¶ added in v0.166.0
type StackDeleter ¶
type StackDeleter interface {
	// StackLister provides listing and describing of the stacks to delete.
	StackLister
	// DeleteStackBySpecSync deletes stack and waits for completion; errors may also be reported on errCh.
	DeleteStackBySpecSync(ctx context.Context, stack *cfntypes.Stack, errCh chan error) error
}
A StackDeleter lists and deletes CloudFormation stacks.
type StackDescriber ¶ added in v0.181.0
type StackLister ¶
type StackLister interface {
	// ListPodIdentityStackNames returns the names of the pod identity stacks.
	ListPodIdentityStackNames(ctx context.Context) ([]string, error)
	// DescribeStack returns the current state of stack.
	DescribeStack(ctx context.Context, stack *manager.Stack) (*manager.Stack, error)
	// GetStackTemplate returns the template body of the named stack.
	GetStackTemplate(ctx context.Context, stackName string) (string, error)
	// GetIAMServiceAccounts returns the IRSA service accounts known for the cluster.
	GetIAMServiceAccounts(ctx context.Context) ([]*api.ClusterIAMServiceAccount, error)
}
A StackLister lists and describes CloudFormation stacks.
type StackUpdater ¶
type StackUpdater interface {
	// StackLister provides listing and describing of the stacks to update.
	StackLister
	// MustUpdateStack updates the CloudFormation stack.
	MustUpdateStack(ctx context.Context, options manager.UpdateStackOptions) error
}
A StackUpdater updates CloudFormation stacks.
type UpdateConfig ¶ added in v0.181.0
// UpdateConfig holds configuration for updating a pod identity association.
type UpdateConfig struct {
	// PodIdentityAssociation is the desired state of the association.
	PodIdentityAssociation api.PodIdentityAssociation
	// AssociationID identifies the existing association in EKS.
	AssociationID string
	// HasIAMResourcesStack reports whether the association's IAM resources are managed by a stack.
	HasIAMResourcesStack bool
	// StackName is the name of that stack; presumably only meaningful when HasIAMResourcesStack is true.
	StackName string
}
UpdateConfig holds configuration for updating a pod identity association.
type Updater ¶
// An Updater updates pod identity associations.
type Updater struct {
	// ClusterName is the cluster name.
	ClusterName string
	// StackUpdater updates stacks.
	StackUpdater StackUpdater
	// APIUpdater updates pod identity associations using the EKS API.
	APIUpdater APIUpdater
}
An Updater updates pod identity associations.