github.com/giantswarm/certs

Package certs

v0.2.0
Published: Mar 24, 2020 | License: Apache-2.0 | Module: github.com/giantswarm/certs

Index

Package Files

Constants

// DefaultWatchTimeout bounds how long a watch against the Kubernetes API may
// stay open before it is given up and reported as an error.
const DefaultWatchTimeout = 90 * time.Second
// SecretNamespace names a Kubernetes namespace.
// NOTE(review): presumably the namespace the searcher reads certificate
// secrets from. If so, RBAC on secrets in this namespace decides who can read
// the TLS material, and "default" is often shared with unrelated workloads;
// confirm against the implementation.
const SecretNamespace = "default"

These constants are used when filtering the secrets, to only retrieve the ones we are interested in.

Variables

// AllCerts is an exported, mutable package-level slice: any importing package
// can append to it or overwrite its elements. Copy it before use where a
// fixed list matters.
var AllCerts = []Cert{
	APICert,
	AppOperatorAPICert,
	AWSOperatorAPICert,
	CalicoEtcdClientCert,
	ClusterOperatorAPICert,
	EtcdCert,
	FlanneldEtcdClientCert,
	InternalAPICert,
	NodeOperatorCert,
	PrometheusCert,
	ServiceAccountCert,
	WorkerCert,
}

AllCerts lists all certificates that can be created by cert-operator.

func IsInvalidConfig

func IsInvalidConfig(err error) bool

func IsInvalidSecret

func IsInvalidSecret(err error) bool

func IsTimeout

func IsTimeout(err error) bool

func IsWrongType

func IsWrongType(err error) bool

func K8sLabels

func K8sLabels(clusterID string, certificate Cert) map[string]string

K8sLabels returns labels for the Kubernetes object for the certificate name and the guest cluster ID.

func K8sName

func K8sName(clusterID string, certificate Cert) string

K8sName returns the Kubernetes object name for the certificate name and the guest cluster ID.

type AppOperator

// AppOperator holds the TLS asset returned by SearchAppOperator.
// NOTE(review): the TLS type has a Key field, presumably private key bytes;
// avoid logging this struct as a whole.
type AppOperator struct {
	APIServer TLS
}

type Cert

// Cert is a plain string type, so any string converts to a Cert. A Cert value
// received from a caller is therefore not guaranteed to be one of the
// declared constants and should be checked where that matters.
type Cert string

Cert is a certificate name.

// Certificate names declared by this package. The same twelve names make up
// AllCerts.
const (
	APICert                Cert = "api"
	AppOperatorAPICert     Cert = "app-operator-api"
	AWSOperatorAPICert     Cert = "aws-operator-api"
	CalicoEtcdClientCert   Cert = "calico-etcd-client"
	ClusterOperatorAPICert Cert = "cluster-operator-api"
	EtcdCert               Cert = "etcd"
	FlanneldEtcdClientCert Cert = "flanneld-etcd-client"
	InternalAPICert        Cert = "internal-api"
	NodeOperatorCert       Cert = "node-operator"
	PrometheusCert         Cert = "prometheus"
	ServiceAccountCert     Cert = "service-account"
	WorkerCert             Cert = "worker"
)

These constants are used as Cert values when parsing a secret received from the API.

func (Cert) String

func (c Cert) String() string

type Cluster

// Cluster groups the TLS assets of one cluster. It is the result type of
// SearchCluster and the input of the NewFilesCluster* constructors.
// NOTE(review): every field is a TLS value with a Key field, presumably
// private key bytes; avoid logging or serialising the struct as a whole.
type Cluster struct {
	APIServer        TLS
	CalicoEtcdClient TLS
	EtcdServer       TLS
	ServiceAccount   TLS
	Worker           TLS
}

type ClusterOperator

// ClusterOperator holds the TLS asset returned by SearchClusterOperator.
// NOTE(review): the TLS type has a Key field, presumably private key bytes;
// avoid logging this struct as a whole.
type ClusterOperator struct {
	APIServer TLS
}

type Config

// Config carries the dependencies passed to NewSearcher.
type Config struct {
	// K8sClient is the Kubernetes client.
	// NOTE(review): the Search* methods are documented as searching secrets,
	// so the identity behind this client presumably needs read access to
	// secrets. Grant it no more than that; confirm against the implementation.
	K8sClient kubernetes.Interface
	Logger    micrologger.Logger

	// WatchTimeout is a duration setting. Its relation to DefaultWatchTimeout
	// (for example as a fallback for the zero value) is not shown here.
	WatchTimeout time.Duration
}

type Draining

// Draining holds the TLS asset returned by SearchDraining.
// NOTE(review): the TLS type has a Key field, presumably private key bytes;
// avoid logging this struct as a whole.
type Draining struct {
	NodeOperator TLS
}

type File

// File pairs an absolute path with raw bytes, presumably the content destined
// for that path.
// NOTE(review): Files are built from a Cluster, whose TLS fields include Key,
// so Data may hold private key bytes. No file mode is recorded here; the code
// that writes these files has to choose restrictive permissions itself.
type File struct {
	AbsolutePath string
	Data         []byte
}

type Files

// Files is a list of File values, the result type of the NewFilesCluster*
// constructors.
type Files []File

func NewFilesCluster

func NewFilesCluster(cluster Cluster) Files

func NewFilesClusterMaster

func NewFilesClusterMaster(cluster Cluster) Files

func NewFilesClusterWorker

func NewFilesClusterWorker(cluster Cluster) Files

type Interface

// Interface describes lookups of TLS assets by cluster ID. Every method
// returns a type built from TLS values, which carry a Key field (presumably
// private key bytes), so callers should handle results as secret material.
// NOTE(review): how clusterID and cert are validated before they are used in
// a lookup is not visible in this listing.
type Interface interface {
	// SearchAppOperator searches for secrets containing TLS certs
	// for managed catalogue service.
	SearchAppOperator(clusterID string) (AppOperator, error)
	// SearchCluster searches for secrets containing TLS certs for guest
	// clusters components.
	SearchCluster(clusterID string) (Cluster, error)
	// SearchClusterOperator searches for secrets containing TLS certs for
	// connecting to guest clusters.
	SearchClusterOperator(clusterID string) (ClusterOperator, error)
	// SearchDraining searches for secrets containing TLS certs for
	// draining nodes in guest clusters.
	SearchDraining(clusterID string) (Draining, error)
	// SearchMonitoring searches for secrets containing TLS certs for
	// monitoring guest clusters.
	SearchMonitoring(clusterID string) (Monitoring, error)
	// SearchTLS provides a dedicated way to look up a single TLS asset for one
	// specific purpose. This might be used for e.g. granting guest cluster
	// access within operators.
	SearchTLS(clusterID string, cert Cert) (TLS, error)
}

type Monitoring

// Monitoring holds the TLS assets returned by SearchMonitoring.
// NOTE(review): no Cert constant in this listing corresponds by name to
// KubeStateMetrics; which secret fills that field is not visible here.
type Monitoring struct {
	KubeStateMetrics TLS
	Prometheus       TLS
}

type Searcher

// Searcher is constructed by NewSearcher and has one method for each Search*
// entry of Interface.
type Searcher struct {
	// contains filtered or unexported fields
}

func NewSearcher

func NewSearcher(config Config) (*Searcher, error)

func (*Searcher) SearchAppOperator

func (s *Searcher) SearchAppOperator(clusterID string) (AppOperator, error)

func (*Searcher) SearchCluster

func (s *Searcher) SearchCluster(clusterID string) (Cluster, error)

func (*Searcher) SearchClusterOperator

func (s *Searcher) SearchClusterOperator(clusterID string) (ClusterOperator, error)

func (*Searcher) SearchDraining

func (s *Searcher) SearchDraining(clusterID string) (Draining, error)

func (*Searcher) SearchMonitoring

func (s *Searcher) SearchMonitoring(clusterID string) (Monitoring, error)

func (*Searcher) SearchTLS

func (s *Searcher) SearchTLS(clusterID string, cert Cert) (TLS, error)

type TLS

// TLS bundles three byte slices for one certificate.
// NOTE(review): going by the field names these are presumably the CA
// certificate, the certificate and the private key; the encoding is not shown
// here. Formatting a TLS value with %v or %+v prints the Key bytes, so keep
// whole structs out of logs and error messages.
type TLS struct {
	CA  []byte
	Crt []byte
	Key []byte
}
Documentation was rendered with GOOS=linux and GOARCH=amd64.
