addon

package
v0.183.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 11, 2024 License: Apache-2.0 Imports: 29 Imported by: 12

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	IRSADeprecatedWarning = func(addonName string) string {
		return fmt.Sprintf("IRSA has been deprecated; %s", iamPermissionsRecommended(addonName, true, false))
	}
	OIDCDisabledWarning = func(addonName string, supportsPodIDs, isIRSASetExplicitly bool) string {
		irsaUsedMessage := fmt.Sprintf("recommended policies were found for %q addon", addonName)
		if isIRSASetExplicitly {
			irsaUsedMessage = fmt.Sprintf("IRSA config is set for %q addon", addonName)
		}
		suggestion := "users are responsible for attaching the policies to all nodegroup roles"
		if supportsPodIDs {
			suggestion = iamPermissionsRecommended(addonName, true, true)
		}
		return fmt.Sprintf("%s, but since OIDC is disabled on the cluster, eksctl cannot configure the requested permissions; %s", irsaUsedMessage, suggestion)
	}
	IAMPermissionsRequiredWarning = func(addonName string, supportsPodIDs bool) string {
		suggestion := iamPermissionsRecommended(addonName, false, true)
		if supportsPodIDs {
			suggestion = iamPermissionsRecommended(addonName, true, true)
		}
		return fmt.Sprintf("IAM permissions are required for %q addon; %s", addonName, suggestion)
	}
	IAMPermissionsNotRequiredWarning = func(addonName string) string {
		return fmt.Sprintf("IAM permissions are not required for %q addon; any IRSA configuration or pod identity associations will be ignored", addonName)
	}
)

Functions

func CreateAddonTasks

func CreateAddonTasks(ctx context.Context, cfg *api.ClusterConfig, clusterProvider *eks.ClusterProvider, iamRoleCreator IAMRoleCreator, forceAll bool, timeout time.Duration) (*tasks.TaskTree, *tasks.TaskTree)

Types

type CreateClientSet added in v0.167.0

type CreateClientSet func() (kubeclient.Interface, error)

CreateClientSet creates a Kubernetes ClientSet.

type EKSPodIdentityDescriber added in v0.181.0

type EKSPodIdentityDescriber interface {
	DescribePodIdentityAssociation(ctx context.Context, params *eks.DescribePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.DescribePodIdentityAssociationOutput, error)
}

EKSPodIdentityDescriber describes pod identities.

type IAMRoleCreator added in v0.181.0

type IAMRoleCreator interface {
	// Create creates IAM resources for podIdentityAssociation and returns the IAM role ARN.
	Create(ctx context.Context, podIdentityAssociation *api.PodIdentityAssociation, addonName string) (roleARN string, err error)
}

IAMRoleCreator creates IAM resources for a pod identity association.

type IAMRoleUpdater added in v0.181.0

type IAMRoleUpdater interface {
	// Update updates IAM resources for podIdentityAssociation and returns an IAM role ARN upon success. The boolean return value reports
	// whether the IAM resources have changed or not.
	Update(ctx context.Context, podIdentityAssociation api.PodIdentityAssociation, stackName, podIdentityAssociationID string) (string, bool, error)
}

IAMRoleUpdater updates IAM resources for a pod identity association.

type Issue added in v0.98.0

type Issue struct {
	Code        string
	Message     string
	ResourceIDs []string
}

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func New

func New(clusterConfig *api.ClusterConfig, eksAPI awsapi.EKS, stackManager StackManager, withOIDC bool, oidcManager *iamoidc.OpenIDConnectManager, createClientSet CreateClientSet) (*Manager, error)

func (*Manager) Create

func (a *Manager) Create(ctx context.Context, addon *api.Addon, iamRoleCreator IAMRoleCreator, waitTimeout time.Duration) error

func (*Manager) Delete

func (a *Manager) Delete(ctx context.Context, addon *api.Addon) error

func (*Manager) DeleteWithPreserve added in v0.63.0

func (a *Manager) DeleteWithPreserve(ctx context.Context, addon *api.Addon) error

func (*Manager) DescribeAllVersions

func (a *Manager) DescribeAllVersions(ctx context.Context, addon *api.Addon) (string, error)

func (*Manager) DescribeVersions

func (a *Manager) DescribeVersions(ctx context.Context, addon *api.Addon) (string, error)

func (*Manager) Get

func (a *Manager) Get(ctx context.Context, addon *api.Addon) (Summary, error)

func (*Manager) GetAll

func (a *Manager) GetAll(ctx context.Context) ([]Summary, error)

func (*Manager) Update

func (a *Manager) Update(ctx context.Context, addon *api.Addon, podIdentityIAMUpdater PodIdentityIAMUpdater, waitTimeout time.Duration) error

type PodIdentityAssociationSummary added in v0.181.0

type PodIdentityAssociationSummary struct {
	AssociationID  string
	Namespace      string
	ServiceAccount string
	RoleARN        string
}

type PodIdentityAssociationUpdater added in v0.181.0

type PodIdentityAssociationUpdater struct {
	ClusterName             string
	IAMRoleCreator          IAMRoleCreator
	IAMRoleUpdater          IAMRoleUpdater
	EKSPodIdentityDescriber EKSPodIdentityDescriber
	StackDeleter            podidentityassociation.StackDeleter
}

PodIdentityAssociationUpdater creates or updates IAM resources for pod identities associated with an addon.

func (*PodIdentityAssociationUpdater) DeleteRole added in v0.181.0

func (p *PodIdentityAssociationUpdater) DeleteRole(ctx context.Context, addonName, serviceAccountName string) (bool, error)

DeleteRole deletes the IAM resources for addonName and serviceAccountName.

func (*PodIdentityAssociationUpdater) UpdateRole added in v0.181.0

func (p *PodIdentityAssociationUpdater) UpdateRole(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, addonName string, existingPodIdentityAssociations []PodIdentityAssociationSummary) ([]ekstypes.AddonPodIdentityAssociations, error)

UpdateRole creates or updates IAM roles for podIdentityAssociations.

type PodIdentityIAMUpdater added in v0.181.0

type PodIdentityIAMUpdater interface {
	// UpdateRole creates or updates IAM resources for podIdentityAssociations.
	UpdateRole(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, addonName string, existingPodIdentityAssociations []PodIdentityAssociationSummary) ([]ekstypes.AddonPodIdentityAssociations, error)
	// DeleteRole deletes the IAM resources for the specified addon.
	DeleteRole(ctx context.Context, addonName, serviceAccountName string) (bool, error)
}

PodIdentityIAMUpdater creates or updates IAM resources for pod identity associations.

type Remover added in v0.161.0

type Remover struct {
	// contains filtered or unexported fields
}

func NewRemover added in v0.161.0

func NewRemover(stackManager StackManager) *Remover

func (*Remover) DeleteAddonIAMTasks added in v0.161.0

func (ar *Remover) DeleteAddonIAMTasks(ctx context.Context, wait bool) (*tasks.TaskTree, error)

func (*Remover) DeleteAddonIAMTasksFiltered added in v0.181.0

func (ar *Remover) DeleteAddonIAMTasksFiltered(ctx context.Context, addonName string, wait bool) (*tasks.TaskTree, error)

type StackManager

type StackManager interface {
	CreateStack(ctx context.Context, name string, stack builder.ResourceSetReader, tags, parameters map[string]string, errs chan error) error
	DeleteStackBySpec(ctx context.Context, s *cfntypes.Stack) (*cfntypes.Stack, error)
	DeleteStackBySpecSync(ctx context.Context, s *cfntypes.Stack, errs chan error) error
	DescribeStack(ctx context.Context, i *cfntypes.Stack) (*cfntypes.Stack, error)
	GetIAMAddonsStacks(ctx context.Context) ([]*cfntypes.Stack, error)
	UpdateStack(ctx context.Context, options manager.UpdateStackOptions) error
}

StackManager manages CloudFormation stacks for addons.

type Summary

type Summary struct {
	Name                    string
	Version                 string
	NewerVersion            string
	IAMRole                 string
	Status                  string
	ConfigurationValues     string
	Issues                  []Issue
	PodIdentityAssociations []PodIdentityAssociationSummary
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL