Constants ¶
This section is empty.
Variables ¶
var (
	// ErrAlreadyExists is the sentinel reported when a node with the same
	// identity is already registered; callers should match it with errors.Is
	// rather than comparing message text.
	ErrAlreadyExists = errors.New("node already exists")
)
Functions ¶
func BuildChallengeServerCertificate ¶ added in v1.27.0
func BuildChallengeServerCertificate(clusterName string) (*tls.Certificate, error)
Types ¶
type Authenticator ¶
Authenticator generates authentication credentials for requests.
type ChallengeClient ¶ added in v1.27.0
// ChallengeClient is the verifier-side half of the bootstrap callback
// challenge: it connects to the endpoint a VerifyResult named for the node
// and runs a challenge against it (see DoCallbackChallenge). Construct it with
// NewChallengeClient; the pki.Keystore passed there is presumably used to
// present a client certificate to the node's ChallengeServer — confirm in
// the implementation.
type ChallengeClient struct {
	// contains filtered or unexported fields
}
func NewChallengeClient ¶ added in v1.27.0
func NewChallengeClient(keystore pki.Keystore) (*ChallengeClient, error)
func (*ChallengeClient) DoCallbackChallenge ¶ added in v1.27.0
func (c *ChallengeClient) DoCallbackChallenge(ctx context.Context, clusterName string, targetEndpoint string, bootstrapRequest *nodeup.BootstrapRequest) error
type ChallengeListener ¶ added in v1.27.0
// ChallengeListener is a running ChallengeServer bound to a network address
// (created by ChallengeServer.NewListener). Endpoint reports the address a
// ChallengeClient should dial, CreateChallenge produces the nonce-bearing
// request to include in the bootstrap call, and Stop tears the listener down.
type ChallengeListener struct {
	// contains filtered or unexported fields
}
func (*ChallengeListener) CreateChallenge ¶ added in v1.27.0
func (s *ChallengeListener) CreateChallenge() *nodeup.ChallengeRequest
func (*ChallengeListener) Endpoint ¶ added in v1.27.0
func (s *ChallengeListener) Endpoint() string
func (*ChallengeListener) Stop ¶ added in v1.27.0
func (s *ChallengeListener) Stop()
type ChallengeServer ¶ added in v1.27.0
// ChallengeServer implements the generated CallbackService so that the party
// verifying a bootstrap request can call back to the node and confirm it is
// really the instance the request claims to be. It is built by
// NewChallengeServer from the cluster name and a CA bundle, which presumably
// constrain which callers are trusted — confirm in the implementation.
type ChallengeServer struct {
	// RequiredSubject is the certificate subject a caller must present.
	// NOTE(review): presumably compared against the peer's client certificate
	// inside Challenge; confirm, since an unchecked subject would let any
	// holder of a CA-signed certificate answer the challenge.
	RequiredSubject pkix.Name
	// Embeds the generated server so unimplemented RPCs fail cleanly.
	pb.UnimplementedCallbackServiceServer
	// contains filtered or unexported fields
}
func NewChallengeServer ¶ added in v1.27.0
func NewChallengeServer(clusterName string, caBundle []byte) (*ChallengeServer, error)
func (*ChallengeServer) Challenge ¶ added in v1.27.0
func (s *ChallengeServer) Challenge(ctx context.Context, req *pb.ChallengeRequest) (*pb.ChallengeResponse, error)
Answers challenges to cross-check bootstrap requests.
func (*ChallengeServer) NewListener ¶ added in v1.27.0
func (s *ChallengeServer) NewListener(ctx context.Context, listen string) (*ChallengeListener, error)
type Verifier ¶
// Verifier verifies authentication credentials for requests.
type Verifier interface {
	// VerifyToken validates token for rawRequest and, on success, returns a
	// VerifyResult describing what the caller is authorized to be.
	// body is the request payload; it is presumably covered by the token
	// (e.g. a signature over it) so that it cannot be swapped after
	// authentication — confirm per implementation. When
	// useInstanceIDForNodeName is set, the instance ID is used as the node
	// name instead of whatever the implementation would otherwise pick.
	// A non-nil error means the request must be rejected.
	VerifyToken(ctx context.Context, rawRequest *http.Request, token string, body []byte, useInstanceIDForNodeName bool) (*VerifyResult, error)
}
Verifier verifies authentication credentials for requests.
type VerifyResult ¶
// VerifyResult is the result of a successfully verified request.
type VerifyResult struct {
	// NodeName is the name that this node is authorized to use.
	NodeName string

	// InstanceGroupName is the name of the kops InstanceGroup this node is a member of.
	InstanceGroupName string

	// CertificateNames is the alternate names the node is authorized to use for certificates.
	CertificateNames []string

	// ChallengeEndpoint is a valid endpoint to which we should issue a challenge request,
	// corresponding to the node the request identified as.
	// This should be sourced from e.g. the cloud, and acts as a cross-check
	// that this is the correct instance.
	// NOTE(review): the cross-check only has value if this comes from a source
	// independent of the request itself (the request body is under the
	// caller's control); a Verifier that copied it from the request would
	// defeat the purpose.
	ChallengeEndpoint string
}
VerifyResult is the result of a successfully verified request.