credentials

Documentation

Index

• Constants
• func Any(credentialsFilePath string) (map[string]string, error)
• func Ensure(s *state.State) error
• func EnvVarBindings(secretName string, creds map[string]string) []corev1.EnvVar
• func ProviderCredentials(cloudProvider kubeoneapi.CloudProviderSpec, credentialsFilePath string, ...) (map[string]string, error)
• type ProviderEnvironmentVariable
• type Type

Constants

const (
	// Variables that KubeOne (and Terraform) expect to see
	AWSAccessKeyID                       = "AWS_ACCESS_KEY_ID"
	AWSSecretAccessKey                   = "AWS_SECRET_ACCESS_KEY" //nolint:gosec
	AzureClientID                        = "ARM_CLIENT_ID"
	AzureClientSecret                    = "ARM_CLIENT_SECRET" //nolint:gosec
	AzureTenantID                        = "ARM_TENANT_ID"
	AzureSubscriptionID                  = "ARM_SUBSCRIPTION_ID"
	DigitalOceanTokenKey                 = "DIGITALOCEAN_TOKEN"
	GoogleServiceAccountKey              = "GOOGLE_CREDENTIALS"
	HetznerTokenKey                      = "HCLOUD_TOKEN"
	KubevirtKubeconfigKey                = "KUBEVIRT_KUBECONFIG"
	NutanixEndpoint                      = "NUTANIX_ENDPOINT"
	NutanixPort                          = "NUTANIX_PORT"
	NutanixUsername                      = "NUTANIX_USERNAME"
	NutanixPassword                      = "NUTANIX_PASSWORD"
	NutanixInsecure                      = "NUTANIX_INSECURE"
	NutanixProxyURL                      = "NUTANIX_PROXY_URL"
	NutanixClusterName                   = "NUTANIX_CLUSTER_NAME"
	NutanixPEEndpoint                    = "NUTANIX_PE_ENDPOINT"
	NutanixPEUsername                    = "NUTANIX_PE_USERNAME"
	NutanixPEPassword                    = "NUTANIX_PE_PASSWORD" //nolint:gosec
	OpenStackAuthURL                     = "OS_AUTH_URL"
	OpenStackDomainName                  = "OS_DOMAIN_NAME"
	OpenStackPassword                    = "OS_PASSWORD"
	OpenStackRegionName                  = "OS_REGION_NAME"
	OpenStackTenantID                    = "OS_TENANT_ID"
	OpenStackTenantName                  = "OS_TENANT_NAME"
	OpenStackUserName                    = "OS_USERNAME"
	OpenStackApplicationCredentialID     = "OS_APPLICATION_CREDENTIAL_ID"
	OpenStackApplicationCredentialSecret = "OS_APPLICATION_CREDENTIAL_SECRET"
	EquinixMetalAuthToken                = "METAL_AUTH_TOKEN" //nolint:gosec
	EquinixMetalProjectID                = "METAL_PROJECT_ID"
	// TODO: Remove Packet env vars after deprecation period.
	PacketAPIKey    = "PACKET_API_KEY"    //nolint:gosec
	PacketProjectID = "PACKET_PROJECT_ID" //nolint:gosec
	VSphereAddress  = "VSPHERE_SERVER"
	VSpherePassword = "VSPHERE_PASSWORD"
	VSphereUsername = "VSPHERE_USER"
	// VMware Cloud Director Credentials
	VMwareCloudDirectorUsername     = "VCD_USER"
	VMwareCloudDirectorPassword     = "VCD_PASSWORD"
	VMwareCloudDirectorAPIToken     = "VCD_API_TOKEN" //nolint:gosec
	VMwareCloudDirectorOrganization = "VCD_ORG"
	VMwareCloudDirectorURL          = "VCD_URL"
	VMwareCloudDirectorVDC          = "VCD_VDC"
	VMwareCloudDirectorSkipTLS      = "VCD_ALLOW_UNVERIFIED_SSL"

	// Variables that machine-controller expects
	AzureClientIDMC           = "AZURE_CLIENT_ID"
	AzureClientSecretMC       = "AZURE_CLIENT_SECRET" //nolint:gosec
	AzureTenantIDMC           = "AZURE_TENANT_ID"
	AzureSubscriptionIDMC     = "AZURE_SUBSCRIPTION_ID"
	DigitalOceanTokenKeyMC    = "DO_TOKEN"
	GoogleServiceAccountKeyMC = "GOOGLE_SERVICE_ACCOUNT"
	HetznerTokenKeyMC         = "HZ_TOKEN"
	OpenStackUserNameMC       = "OS_USER_NAME"
	VSphereAddressMC          = "VSPHERE_ADDRESS"
	VSphereUsernameMC         = "VSPHERE_USERNAME"
)

The environment variable names with credential in them

const (
	// SecretNameCCM is name of the secret which contains the cloud provider credentials for CCM
	SecretNameCCM = "kubeone-ccm-credentials" //nolint:gosec
	// SecretNameMC is name of the secret which contains the cloud provider credentials for machine-controller
	SecretNameMC = "kubeone-machine-controller-credentials"
	// SecretNameOSM is name of the secret which contains the cloud provider credentials for operating-system-manager
	SecretNameOSM = "kubeone-operating-system-manager-credentials"
	// SecretNameLegacy is name of the secret created by earlier KubeOne versions, but not used anymore
	// This secret will be removed for all clusters when running kubeone apply the next time
	SecretNameLegacy = "cloud-provider-credentials"
	// SecretNamespace is namespace of the credentials secret
	SecretNamespace = "kube-system"
	// VsphereSecretName is name of the secret which contains the vSphere credentials
	// used by the cloud provider integrations (CCM, CSI)
	VsphereSecretName = "vsphere-ccm-credentials" //nolint:gosec
	// VsphereSecretNamespace is namespace of the vSphere credentials secret
	VsphereSecretNamespace = "kube-system"
	// CloudConfigSecretName is name of the secret which contains the cloud-config file
	CloudConfigSecretName = "cloud-config" //nolint:gosec
	// CloudConfigSecretNamespace is namespace of the cloud-config secret
	CloudConfigSecretNamespace = "kube-system"
)

Functions

func Any

func Any(credentialsFilePath string) (map[string]string, error)

func Ensure

func Ensure(s *state.State) error

Ensure creates/updates the credentials secret

func EnvVarBindings

func EnvVarBindings(secretName string, creds map[string]string) []corev1.EnvVar

func ProviderCredentials

func ProviderCredentials(cloudProvider kubeoneapi.CloudProviderSpec, credentialsFilePath string, credentialsType Type) (map[string]string, error)

ProviderCredentials implements fetching credentials for each supported provider

Types

type ProviderEnvironmentVariable

type ProviderEnvironmentVariable struct {
	Name                  string
	MachineControllerName string
}

ProviderEnvironmentVariable is used to match environment variable used by KubeOne to environment variable used by machine-controller.

type Type

type Type string

Type is a type of credentials that should be fetched

const (
	TypeUniversal Type = ""
	TypeCCM       Type = "CCM"
	TypeMC        Type = "MC"
	TypeOSM       Type = "OSM"
)