bootstrap

package
v1.28.0-alpha.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 10, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrAlreadyExists = errors.New("node already exists")

Functions

func BuildChallengeServerCertificate added in v1.27.0

func BuildChallengeServerCertificate(clusterName string) (*tls.Certificate, error)

Types

type Authenticator

type Authenticator interface {
	CreateToken(body []byte) (string, error)
}

Authenticator generates authentication credentials for requests.

type Challenge added in v1.27.0

type Challenge struct {
	ChallengeID     string
	ChallengeSecret []byte
}

type ChallengeClient added in v1.27.0

type ChallengeClient struct {
	// contains filtered or unexported fields
}

func NewChallengeClient added in v1.27.0

func NewChallengeClient(keystore pki.Keystore) (*ChallengeClient, error)

func (*ChallengeClient) DoCallbackChallenge added in v1.27.0

func (c *ChallengeClient) DoCallbackChallenge(ctx context.Context, clusterName string, targetEndpoint string, bootstrapRequest *nodeup.BootstrapRequest) error

type ChallengeListener added in v1.27.0

type ChallengeListener struct {
	// contains filtered or unexported fields
}

func (*ChallengeListener) CreateChallenge added in v1.27.0

func (s *ChallengeListener) CreateChallenge() *nodeup.ChallengeRequest

func (*ChallengeListener) Endpoint added in v1.27.0

func (s *ChallengeListener) Endpoint() string

func (*ChallengeListener) Stop added in v1.27.0

func (s *ChallengeListener) Stop()

type ChallengeServer added in v1.27.0

type ChallengeServer struct {
	RequiredSubject pkix.Name

	pb.UnimplementedCallbackServiceServer
	// contains filtered or unexported fields
}

func NewChallengeServer added in v1.27.0

func NewChallengeServer(clusterName string, caBundle []byte) (*ChallengeServer, error)

func (*ChallengeServer) Challenge added in v1.27.0

Answers challenges to cross-check bootstrap requests.

func (*ChallengeServer) NewListener added in v1.27.0

func (s *ChallengeServer) NewListener(ctx context.Context, listen string) (*ChallengeListener, error)

type Verifier

type Verifier interface {
	VerifyToken(ctx context.Context, rawRequest *http.Request, token string, body []byte, useInstanceIDForNodeName bool) (*VerifyResult, error)
}

Verifier verifies authentication credentials for requests.

type VerifyResult

type VerifyResult struct {
	// Nodename is the name that this node is authorized to use.
	NodeName string

	// InstanceGroupName is the name of the kops InstanceGroup this node is a member of.
	InstanceGroupName string

	// CertificateNames is the alternate names the node is authorized to use for certificates.
	CertificateNames []string

	// ChallengeEndpoint is a valid endpoints to which we should issue a challenge request,
	// corresponding to the node the request identified as.
	// This should be sourced from e.g. the cloud, and acts as a cross-check
	// that this is the correct instance.
	ChallengeEndpoint string
}

VerifyResult is the result of a successfully verified request.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL