Documentation
¶
Index ¶
- Variables
- func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, ...) (*tasks.TaskTree, *tasks.TaskTree)
- type CreateClientSet
- type EKSPodIdentityDescriber
- type IAMRoleCreator
- type IAMRoleUpdater
- type Issue
- type Manager
- func (a *Manager) Create(ctx context.Context, addon *api.Addon, iamRoleCreator IAMRoleCreator, ...) error
- func (a *Manager) Delete(ctx context.Context, addon *api.Addon) error
- func (a *Manager) DeleteWithPreserve(ctx context.Context, addon *api.Addon) error
- func (a *Manager) DescribeAllVersions(ctx context.Context, addon *api.Addon) (string, error)
- func (a *Manager) DescribeVersions(ctx context.Context, addon *api.Addon) (string, error)
- func (a *Manager) Get(ctx context.Context, addon *api.Addon) (Summary, error)
- func (a *Manager) GetAll(ctx context.Context) ([]Summary, error)
- func (a *Manager) Update(ctx context.Context, addon *api.Addon, ...) error
- type PodIdentityAssociationSummary
- type PodIdentityAssociationUpdater
- func (p *PodIdentityAssociationUpdater) DeleteRole(ctx context.Context, addonName, serviceAccountName string) (bool, error)
- func (p *PodIdentityAssociationUpdater) UpdateRole(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, ...) ([]ekstypes.AddonPodIdentityAssociations, error)
- type PodIdentityIAMUpdater
- type Remover
- type StackManager
- type Summary
Constants ¶
This section is empty.
Variables ¶
View Source
var ( IRSADeprecatedWarning = func(addonName string) string { return fmt.Sprintf("IRSA has been deprecated; %s", iamPermissionsRecommended(addonName, true, false)) } OIDCDisabledWarning = func(addonName string, supportsPodIDs, isIRSASetExplicitly bool) string { irsaUsedMessage := fmt.Sprintf("recommended policies were found for %q addon", addonName) if isIRSASetExplicitly { irsaUsedMessage = fmt.Sprintf("IRSA config is set for %q addon", addonName) } suggestion := "users are responsible for attaching the policies to all nodegroup roles" if supportsPodIDs { suggestion = iamPermissionsRecommended(addonName, true, true) } return fmt.Sprintf("%s, but since OIDC is disabled on the cluster, eksctl cannot configure the requested permissions; %s", irsaUsedMessage, suggestion) } IAMPermissionsRequiredWarning = func(addonName string, supportsPodIDs bool) string { suggestion := iamPermissionsRecommended(addonName, false, true) if supportsPodIDs { suggestion = iamPermissionsRecommended(addonName, true, true) } return fmt.Sprintf("IAM permissions are required for %q addon; %s", addonName, suggestion) } IAMPermissionsNotRequiredWarning = func(addonName string) string { return fmt.Sprintf("IAM permissions are not required for %q addon; any IRSA configuration or pod identity associations will be ignored", addonName) } )
Functions ¶
func CreateAddonTasks ¶
func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvider, iamRoleCreator IAMRoleCreator, forceAll bool, timeout time.Duration) (*tasks.TaskTree, *tasks.TaskTree)
Types ¶
type CreateClientSet ¶ added in v0.167.0
type CreateClientSet func() (kubeclient.Interface, error)
CreateClientSet creates a Kubernetes ClientSet.
type EKSPodIdentityDescriber ¶ added in v0.181.0
type EKSPodIdentityDescriber interface {
DescribePodIdentityAssociation(ctx context.Context, params *eks.DescribePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.DescribePodIdentityAssociationOutput, error)
}
EKSPodIdentityDescriber describes pod identities.
type IAMRoleCreator ¶ added in v0.181.0
type IAMRoleCreator interface {
// Create creates IAM resources for podIdentityAssociation and returns the IAM role ARN.
Create(ctx context.Context, podIdentityAssociation *api.PodIdentityAssociation, addonName string) (roleARN string, err error)
}
IAMRoleCreator creates IAM resources for a pod identity association.
type IAMRoleUpdater ¶ added in v0.181.0
type IAMRoleUpdater interface {
// Update updates IAM resources for podIdentityAssociation and returns an IAM role ARN upon success. The boolean return value reports
// whether the IAM resources have changed or not.
Update(ctx context.Context, podIdentityAssociation api.PodIdentityAssociation, stackName, podIdentityAssociationID string) (string, bool, error)
}
IAMRoleUpdater updates IAM resources for a pod identity association.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
func New ¶
func New(clusterConfig *api.ClusterConfig, eksAPI awsapi.EKS, stackManager StackManager, withOIDC bool, oidcManager *iamoidc.OpenIDConnectManager, createClientSet CreateClientSet) (*Manager, error)
func (*Manager) DeleteWithPreserve ¶ added in v0.63.0
func (*Manager) DescribeAllVersions ¶
func (*Manager) DescribeVersions ¶
type PodIdentityAssociationSummary ¶ added in v0.181.0
type PodIdentityAssociationUpdater ¶ added in v0.181.0
type PodIdentityAssociationUpdater struct {
ClusterName string
IAMRoleCreator IAMRoleCreator
IAMRoleUpdater IAMRoleUpdater
EKSPodIdentityDescriber EKSPodIdentityDescriber
StackDeleter podidentityassociation.StackDeleter
}
PodIdentityAssociationUpdater creates or updates IAM resources for pod identities associated with an addon.
func (*PodIdentityAssociationUpdater) DeleteRole ¶ added in v0.181.0
func (p *PodIdentityAssociationUpdater) DeleteRole(ctx context.Context, addonName, serviceAccountName string) (bool, error)
DeleteRole deletes the IAM resources for addonName and serviceAccountName.
func (*PodIdentityAssociationUpdater) UpdateRole ¶ added in v0.181.0
func (p *PodIdentityAssociationUpdater) UpdateRole(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, addonName string, existingPodIdentityAssociations []PodIdentityAssociationSummary) ([]ekstypes.AddonPodIdentityAssociations, error)
UpdateRole creates or updates IAM roles for podIdentityAssociations.
type PodIdentityIAMUpdater ¶ added in v0.181.0
type PodIdentityIAMUpdater interface {
// UpdateRole creates or updates IAM resources for podIdentityAssociations.
UpdateRole(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, addonName string, existingPodIdentityAssociations []PodIdentityAssociationSummary) ([]ekstypes.AddonPodIdentityAssociations, error)
// DeleteRole deletes the IAM resources for the specified addon.
DeleteRole(ctx context.Context, addonName, serviceAccountName string) (bool, error)
}
PodIdentityIAMUpdater creates or updates IAM resources for pod identity associations.
type Remover ¶ added in v0.161.0
type Remover struct {
// contains filtered or unexported fields
}
func NewRemover ¶ added in v0.161.0
func NewRemover(stackManager StackManager) *Remover
func (*Remover) DeleteAddonIAMTasks ¶ added in v0.161.0
type StackManager ¶
type StackManager interface {
CreateStack(ctx context.Context, name string, stack builder.ResourceSetReader, tags, parameters map[string]string, errs chan error) error
DeleteStackBySpec(ctx context.Context, s *cfntypes.Stack) (*cfntypes.Stack, error)
DeleteStackBySpecSync(ctx context.Context, s *cfntypes.Stack, errs chan error) error
DescribeStack(ctx context.Context, i *cfntypes.Stack) (*cfntypes.Stack, error)
GetIAMAddonsStacks(ctx context.Context) ([]*cfntypes.Stack, error)
UpdateStack(ctx context.Context, options manager.UpdateStackOptions) error
}
StackManager manages CloudFormation stacks for addons.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.