core

package
v0.26.0 Latest Latest
Published: Jun 12, 2026 License: AGPL-3.0 Imports: 66 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var KubeaidConfigFileTemplates embed.FS

Functions

func BootstrapCluster

func BootstrapCluster(ctx context.Context, args BootstrapClusterArgs)

func CreateDevEnv

func CreateDevEnv(ctx context.Context, args *CreateDevEnvArgs)

func DeleteCluster

func DeleteCluster(ctx context.Context)

func RecoverCluster

func RecoverCluster(ctx context.Context, managementClusterName string, skipPRWorkflow bool)

func SetupCluster

func SetupCluster(ctx context.Context, args SetupClusterArgs)

func SetupKubeAidConfig

func SetupKubeAidConfig(ctx context.Context, args SetupKubeAidConfigArgs)

Does the following:

(1) Creates / updates all necessary files for the given cluster, in the user's KubeAid config repository.

(2) Commits and pushes those changes to the upstream.

(3) Waits for those changes to get merged into the default branch.

It expects the KubeAid Config repository to be already cloned in the temp directory.

func TestCluster

func TestCluster(ctx context.Context)

func UpgradeCluster

func UpgradeCluster(ctx context.Context, args UpgradeClusterArgs)

Types

type BootstrapClusterArgs

// BootstrapClusterArgs are the arguments to BootstrapCluster. The
// dev-env options (management cluster name, skip flags) are promoted
// from the embedded *CreateDevEnvArgs; because that embed is a
// pointer, leaving it nil panics on first access to a promoted field,
// so callers must always populate it.
type BootstrapClusterArgs struct {
	*CreateDevEnvArgs
	// SkipClusterctlMove, when true, skips the clusterctl move step —
	// presumably the move of CAPI resources from the management
	// cluster into the provisioned cluster; confirm in BootstrapCluster.
	SkipClusterctlMove bool
}

type CreateDevEnvArgs

// CreateDevEnvArgs are the arguments to CreateDevEnv. The same struct
// is embedded by pointer in BootstrapClusterArgs, SetupClusterArgs and
// SetupKubeAidConfigArgs, so callers of those functions populate it
// too.
type CreateDevEnvArgs struct {
	// ManagementClusterName names the management cluster;
	// RecoverCluster takes the same value as a plain parameter.
	ManagementClusterName string

	// The three flags below share one declaration and are all bool.
	// SkipPRWorkflow has the same name as UpgradeClusterArgs.SkipPRWorkflow
	// and RecoverCluster's skipPRWorkflow parameter; presumably it
	// controls whether SetupKubeAidConfig waits for the pushed changes
	// to be merged into the default branch — confirm at the call site.
	SkipMonitoringSetup,
	SkipPRWorkflow,

	IsPartOfDisasterRecovery bool
}

type ProvisionAndSetupMainClusterArgs

// ProvisionAndSetupMainClusterArgs bundles BootstrapClusterArgs with a
// Git auth method. No exported function in this package takes it;
// presumably an unexported provision-and-setup step does.
type ProvisionAndSetupMainClusterArgs struct {
	*BootstrapClusterArgs
	// GitAuthMethod authenticates Git transport operations against the
	// KubeAid config repository (the push done by SetupKubeAidConfig,
	// presumably). It carries credentials — never log or print it.
	GitAuthMethod transport.AuthMethod
}

type SetupClusterArgs

// SetupClusterArgs are the arguments to SetupCluster. The embedded
// *CreateDevEnvArgs must be non-nil (promoted field access on a nil
// embed panics).
type SetupClusterArgs struct {
	*CreateDevEnvArgs

	// ClusterType selects the provider flavour — presumably one of the
	// providers TemplateValues carries config for (AWS, Azure, Hetzner,
	// Bare Metal); the accepted strings are not visible here.
	ClusterType   string
	// ClusterClient is a Kubernetes API client; which cluster it
	// targets (management or the one being set up) is not visible
	// here — TODO confirm in SetupCluster.
	ClusterClient client.Client

	// GitAuthMethod authenticates Git transport operations against the
	// KubeAid config repository. It carries credentials — never log or
	// print it.
	GitAuthMethod transport.AuthMethod
}

type SetupKubeAidConfigArgs

// SetupKubeAidConfigArgs are the arguments to SetupKubeAidConfig, which
// writes the cluster's files into the KubeAid config repository, pushes
// them, and waits for them to reach the default branch. The embedded
// *CreateDevEnvArgs must be non-nil.
type SetupKubeAidConfigArgs struct {
	*CreateDevEnvArgs
	// GitAuthMethod authenticates the commit-and-push to the KubeAid
	// config repository. It carries credentials — never log or print it.
	GitAuthMethod transport.AuthMethod
}

type TemplateValues

// TemplateValues is the data handed to the embedded KubeAid config
// file templates (KubeaidConfigFileTemplates) when the cluster's
// config repository is rendered.
//
// Security note: many fields hold secret material in plaintext — cloud
// credentials, AzureStorageAccountAccessKey, the Obmondo mTLS private
// key, KeycloakAdminPassword, the NetBird client secret / keys /
// passwords, NetBirdPostgresDSN and NetBirdAPIKey. A TemplateValues
// value must never be logged, dumped with %v/%+v, or written anywhere
// other than the (sealed-secret) templates that expect it.
type TemplateValues struct {
	// GeneralConfigFileContents is the raw text of the general config
	// file; how it is produced is not visible here.
	GeneralConfigFileContents string

	config.GitConfig
	config.ForksConfig

	config.ClusterConfig
	*config.KubePrometheusConfig
	// CAPIClusterNamespace — presumably the namespace the CAPI Cluster
	// resource lives in; confirm against the templates.
	CAPIClusterNamespace string

	// AWS provider config and credentials (presumably nil on other
	// providers). AWSB64EncodedCredentials is, by its name, the base64
	// form of the credentials — encoding is not encryption, so it is
	// exactly as sensitive as AWSCredentials.
	AWSConfig      *config.AWSConfig
	AWSCredentials *config.AWSCredentials
	AWSB64EncodedCredentials,
	AWSAccountID string

	// Azure provider config and credentials (presumably nil on other
	// providers), plus the managed-identity client IDs ("UAMI" per the
	// names), the storage account access key (a secret) and the
	// service-account token issuer URL.
	AzureConfig      *config.AzureConfig
	AzureCredentials *config.AzureCredentials
	CAPIUAMIClientID,
	VeleroUAMIClientID,
	AzureStorageAccountAccessKey,
	ServiceAccountIssuerURL string

	// Hetzner provider config and credentials (presumably nil on other
	// providers).
	HetznerConfig      *config.HetznerConfig
	HetznerCredentials *config.HetznerCredentials

	// HetznerBareMetalHostPublicIPs maps each HetznerBareMetalHost
	// ServerID to its Robot main IP. Populated at render time via
	// Hetzner.GetHetznerBareMetalHostPublicIPs (Robot API call once
	// per setup-cluster run). Empty for non-bare-metal Hetzner
	// clusters and for non-Hetzner clouds. Consumed by
	// values-kubelet-csr-approver.yaml.tmpl to widen the CSR
	// allow-list with one /32 per node.
	HetznerBareMetalHostPublicIPs map[string]string

	// BareMetalConfig is the Bare Metal provider config (presumably
	// nil on other providers).
	BareMetalConfig *config.BareMetalConfig

	/*
		There are scenarios when we know the control-plane endpoint before the cluster is provisioned:

		  (1) When provisioning an HCloud / Hetzner hybrid cluster, and we have a VPN cluster.

		  (2) When provisioning a Bare Metal / Hetzner Bare Metal cluster; the user specifies it.

		For Hetzner HCloud / hybrid VPN clusters, the endpoint is either the pre-provisioned
		LB private IP, or a configured hostname. When a hostname is configured, kubeaid-cli
		renders the hostname and manages bootstrap/private DNS mapping separately.

		Otherwise, we need to wait until the cluster has been provisioned. Once the cluster is
		provisioned, we get the control-plane endpoint from the Cluster resource. And then it's
		specified to Cilium.

		NOTE: Initially Cilium is installed using the postKubeadm hook in the KubeadmControlPlane
		      resource. The control-plane endpoint is determined from the kubeconfig file in the node.
	*/
	ControlPlaneEndpoint string

	// ControlPlaneLBPrivateIP and ControlPlaneLBBootstrapPublicIP
	// are the HCloud load-balancer's private (steady-state) and
	// bootstrap-only public IPs. Populated only on HCloud-VPN
	// clusters where a control-plane endpoint FQDN is configured;
	// the CoreDNS ConfigMap renders both as A records for the
	// endpoint so resolution works during the bootstrap window
	// (public IP) and after NetBird is up (private IP through the
	// mesh).
	ControlPlaneLBPrivateIP         string
	ControlPlaneLBBootstrapPublicIP string

	// ControlPlaneExtraCertSANs are extra DNS names rendered into
	// the chart's values so kubeadm includes them in the apiserver
	// TLS cert SAN list (alongside the primary endpoint). Used for
	// mesh-side hostnames like a NetBird-form name. Every name added
	// here becomes a valid apiserver identity, so keep the list to
	// hostnames this cluster actually owns.
	ControlPlaneExtraCertSANs []string

	// ExtraKnownHosts — presumably additional SSH known_hosts entries
	// rendered into the config; neither format nor consumer is visible
	// here, confirm in the templates.
	ExtraKnownHosts []string

	*config.DisasterRecoveryConfig

	*config.ObmondoConfig
	*config.ObmondoCredentials

	// Subject CN of the Obmondo-issued mTLS cert (ObmondoConfig.CertPath),
	// populated when Obmondo.Monitoring is true. Used in
	// cluster-vars.jsonnet.tmpl as the required `certname` field.
	ObmondoCertCN string

	// Raw file contents of ObmondoConfig.CertPath / KeyPath, populated when
	// Obmondo.Monitoring is true. Base64-encoded into the obmondo-clientcert
	// sealed-secret templates. ObmondoKeyFileContents is the private key
	// and must only ever reach the sealed-secret template.
	ObmondoCertFileContents string
	ObmondoKeyFileContents  string

	// KeycloakAdminPassword is the plaintext password templated into
	// the keycloak-admin SealedSecret. Populated only when
	// managedKeycloakEnabled.
	KeycloakAdminPassword string

	// NetBirdBackendClientSecret is the pre-generated OIDC client
	// secret for the `netbird-backend` confidential client. The
	// same value is templated into the netbird SealedSecret AND
	// passed through to ReconcileClient as spec.Secret so Keycloak
	// stores what NetBird's chart already expects in the cluster
	// Secret — single git push, single sync.
	NetBirdBackendClientSecret string

	// Random keys read-or-generated for the netbird Secret on
	// managed-Keycloak VPN clusters. Each is persisted in the
	// in-cluster Secret so re-runs converge to the same value.
	//   DatastoreKey  base64(32 bytes) -> NetBird Mgmt's AES key
	//   RelayPassword alphanumeric     -> Relay shared secret
	//   TurnPassword  alphanumeric     -> matches TURN auth on
	//                                     both Mgmt and Coturn
	NetBirdDatastoreKey  string
	NetBirdRelayPassword string
	NetBirdTurnPassword  string

	// Constant client IDs the gocloak reconciler creates in the
	// realm. Surfaced to templates so the netbird Secret renders
	// the same identifiers without hardcoding strings in YAML.
	NetBirdClientID        string
	NetBirdBackendClientID string

	// NetBirdPostgresDSN is the libpq URI Mgmt uses to connect to
	// the CNPG-managed Postgres. Empty on the very first render
	// (CNPG hasn't generated the password yet); patched into the
	// in-cluster Secret post-sync, then read-back here on
	// subsequent runs so the SealedSecret in git stays correct.
	// The URI embeds the database password.
	NetBirdPostgresDSN string

	// NetBirdManagementURL is the NetBird Mgmt endpoint the
	// netbird-operator targets — without it the operator binary
	// defaults to NetBird Cloud (api.netbird.io), which is never
	// right for kubeaid clusters. cluster.netbird.dns on VPN
	// clusters (they host Mgmt themselves); derived via the
	// netbird.<base> Keycloak-DNS convention on workload clusters.
	// Empty when underivable — the values overlay then omits
	// managementURL and the operator must be wired manually.
	NetBirdManagementURL string

	// NetBirdAPIKey is secrets.yaml's netbird.apiKey (a Mgmt
	// service-user access token), sealed into the
	// netbird/netbird-mgmt-api-key Secret the operator reads.
	// Empty when the operator hasn't minted one yet — the matching
	// SealedSecret template is skipped and bootstrap pauses at
	// awaitNetBirdOperatorToken instead.
	NetBirdAPIKey string

	// KubeaidStoragectlVersion is the pinned kubeaid-storagectl release
	// tag rendered into global.kubeaidStoragectl.version in the
	// capi-cluster Helm values. Empty for dev/local builds so the chart
	// falls back to its own `latest` logic; set to globals.KubeaidCLIVersion
	// for release builds so each bare-metal node downloads the storagectl
	// binary that matches the kubeaid-cli release that bootstrapped it.
	KubeaidStoragectlVersion string
}

type UpgradeClusterArgs

// UpgradeClusterArgs are the arguments to UpgradeCluster.
type UpgradeClusterArgs struct {
	// NewKubernetesVersion is the target Kubernetes version string;
	// the accepted format is not visible here.
	NewKubernetesVersion string
	// CloudSpecificUpdates is an untyped, provider-specific payload.
	// UpgradeCluster presumably type-asserts it, so a wrong concrete
	// type fails only at run time — confirm the expected type per
	// provider at the call site.
	CloudSpecificUpdates any

	// SkipPRWorkflow shares its name with CreateDevEnvArgs.SkipPRWorkflow
	// and RecoverCluster's skipPRWorkflow parameter; presumably the same
	// semantics (do not wait for the config-repo changes to be merged).
	SkipPRWorkflow bool
}
