Documentation ¶
Index ¶
- Constants
- Variables
- func BaseKubeConfigFromBootStrap(bootstrapConfig *clientcmdapi.Config) (*clientcmdapi.Config, error)
- func IsHubKubeConfigValidFunc(driver RegisterDriver, secretOption SecretOption) wait.ConditionWithContextFunc
- func IsHubKubeconfigValid(bootstrapKubeConfig, hubeKubeConfig *clientcmdapi.Config) (bool, error)
- func NewSecretController(secretOption SecretOption, option any, driver RegisterDriver, ...) factory.Controller
- type AggregatedApprover
- type Approver
- type NoopApprover
- type RegisterDriver
- type SecretOption
- type StatusUpdateFunc
Constants ¶
const (
	DefaultKubeConfigContext = "default-context"
	DefaultKubeConfigAuth    = "default-auth"
	ClusterNameFile          = "cluster-name"
	AgentNameFile            = "agent-name"
	// KubeconfigFile is the name of the kubeconfig file in kubeconfigSecret
	KubeconfigFile = "kubeconfig"
)
Variables ¶
var ControllerResyncInterval = 5 * time.Minute
ControllerResyncInterval is exposed so that integration tests can crank up the controller sync speed.
Functions ¶
func BaseKubeConfigFromBootStrap ¶
func BaseKubeConfigFromBootStrap(bootstrapConfig *clientcmdapi.Config) (*clientcmdapi.Config, error)
BaseKubeConfigFromBootStrap builds kubeconfig from bootstrap without authInfo configurations
func IsHubKubeConfigValidFunc ¶
func IsHubKubeConfigValidFunc(driver RegisterDriver, secretOption SecretOption) wait.ConditionWithContextFunc
func IsHubKubeconfigValid ¶
func IsHubKubeconfigValid(bootstrapKubeConfig, hubeKubeConfig *clientcmdapi.Config) (bool, error)
The hub kubeconfig is valid when it shares the same value of the following with the bootstrap hub kubeconfig:
1. The hub server
2. The proxy url
3. The CA bundle
4. The current context cluster name
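The four comparisons above, as an added example that is not the package's own code: `Cluster`, `Config`, `currentCluster`, `hubMatchesBootstrap` and `sample` are hypothetical, simplified stand-ins for the kubeconfig types, and every value is constructed. A mismatch on any one field means the stored hub kubeconfig no longer corresponds to the hub that the bootstrap kubeconfig points at.

```go
package main

import "fmt"

// Cluster and Config are simplified stand-ins (assumptions) for the kubeconfig types.
type Cluster struct {
	Server, ProxyURL string
	CAData           string // PEM CA bundle
}
type Config struct {
	CurrentContext string
	Contexts       map[string]string // context name -> cluster name
	Clusters       map[string]Cluster
}

// currentCluster resolves the current context to its cluster name and entry.
func currentCluster(c *Config) (string, Cluster, error) {
	name, okCtx := c.Contexts[c.CurrentContext]
	cl, okCl := c.Clusters[name]
	if !okCtx || !okCl {
		return "", Cluster{}, fmt.Errorf("context %q has no cluster entry", c.CurrentContext)
	}
	return name, cl, nil
}

// hubMatchesBootstrap compares server, proxy URL, CA bundle and cluster name.
func hubMatchesBootstrap(bootstrap, hub *Config) (bool, error) {
	bName, b, err := currentCluster(bootstrap)
	if err != nil {
		return false, err
	}
	hName, h, err := currentCluster(hub)
	if err != nil {
		return false, err
	}
	return b.Server == h.Server && b.ProxyURL == h.ProxyURL && b.CAData == h.CAData && bName == hName, nil
}

// sample builds a constructed kubeconfig; every value is made up.
func sample(cluster, server, ca string) *Config {
	return &Config{CurrentContext: "default-context",
		Contexts: map[string]string{"default-context": cluster},
		Clusters: map[string]Cluster{cluster: {Server: server, CAData: ca}}}
}

func main() {
	boot := sample("hub", "https://hub.example.test:6443", "constructed-CA-A")
	fmt.Println(hubMatchesBootstrap(boot, sample("hub", "https://hub.example.test:6443", "constructed-CA-B")))
}
```
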
func NewSecretController ¶
func NewSecretController(
	secretOption SecretOption,
	option any,
	driver RegisterDriver,
	statusUpdater StatusUpdateFunc,
	recorder events.Recorder,
	controllerName string,
) factory.Controller
NewSecretController returns an instance of secretController
Types ¶
type AggregatedApprover ¶
type AggregatedApprover struct {
// contains filtered or unexported fields
}
AggregatedApprover is a list of approvers that the hub controller will run at the same time
func (*AggregatedApprover) Cleanup ¶
func (a *AggregatedApprover) Cleanup(ctx context.Context, cluster *clusterv1.ManagedCluster) error
type Approver ¶
type Approver interface {
	// Run starts a reconciler on the hub side to monitor the registration request and approve the request
	// if necessary. This is a blocking call.
	Run(ctx context.Context, workers int)

	// Cleanup is executed when hubAcceptClient in ManagedCluster is set false or cluster is deleting. The hub controller
	// deletes rolebindings for the agent, and then this is the additional operation a driver should process.
	Cleanup(ctx context.Context, cluster *clusterv1.ManagedCluster) error
}
Approver is the interface that each driver should implement on the hub side. The hub controller will use this driver to check the registration request from the agent and to clean up.
func NewAggregatedApprover ¶
func NewNoopApprover ¶
func NewNoopApprover() Approver
type NoopApprover ¶
type NoopApprover struct{}
NoopApprover is an approver with no operation, for testing
func (*NoopApprover) Cleanup ¶
func (a *NoopApprover) Cleanup(_ context.Context, _ *clusterv1.ManagedCluster) error
type RegisterDriver ¶
type RegisterDriver interface {
	// IsHubKubeConfigValid is to check if the current hub-kubeconfig is valid. It is called before
	// and after bootstrap to confirm if the bootstrap is finished.
	IsHubKubeConfigValid(ctx context.Context, secretOption SecretOption) (bool, error)

	// BuildKubeConfigFromTemplate builds the kubeconfig from the template kubeconfig
	BuildKubeConfigFromTemplate(template *clientcmdapi.Config) *clientcmdapi.Config

	// Process updates the secret with credentials
	Process(
		ctx context.Context,
		name string,
		secret *corev1.Secret,
		additionalSecretData map[string][]byte,
		recorder events.Recorder, opt any) (*corev1.Secret, *metav1.Condition, error)

	// InformerHandler returns informer of the related object. If no object needs to be watched, the func could
	// return nil, nil.
	InformerHandler(option any) (cache.SharedIndexInformer, factory.EventFilterFunc)
}
RegisterDriver is the interface that each driver should implement for the agent. The agent uses the driver to build the kubeconfig or other credential to connect to the hub cluster.
type SecretOption ¶
type SecretOption struct {
	// SecretNamespace is the namespace of the secret containing client certificate.
	SecretNamespace string
	// SecretName is the name of the secret containing client certificate. The secret will be created if
	// it does not exist.
	SecretName string

	// BootStrapKubeConfig is the kubeconfig to generate hubkubeconfig, if set, create kubeconfig value
	// in the secret.
	BootStrapKubeConfig *clientcmdapi.Config

	// ClusterName is the cluster name, and it is set as a secret value if it is set.
	ClusterName string
	// AgentName is the agent name and it is set as a secret value if it is set.
	AgentName string

	HubKubeconfigFile string
	HubKubeconfigDir  string

	ManagementSecretInformer cache.SharedIndexInformer
	ManagementCoreClient     corev1client.CoreV1Interface
}
Directories ¶
Path | Synopsis |
---|---|
 | package csr contains the hub-side reconciler for auto approving the renewal CertificateSigningRequests for an accepted managed cluster, and the agent-side driver to request csr. |