v2.14.13+incompatible

This package is not in the latest version of its module.

Published: Apr 2, 2021 License: Apache-2.0 Imports: 22 Imported by: 0




const (
	OAuthBootstrapSecretName       = "kubeadmin"
	OAuthBootstrapEncryptedkeyName = "encrypted"
)

const ConsoleOAuthClientName = "console"

ConsoleOAuthClientName is the name of the OAuthClient object created for the openshift console

const (

	// TokenOwnerServiceAccountName is the name of the ServiceAccount used to back the
	// admin kubeconfig our API hands out
	TokenOwnerServiceAccountName = "cluster-admin"
)




func AESDecrypt

func AESDecrypt(data, key []byte) ([]byte, error)

func APIServerNSCreatorGetter

func APIServerNSCreatorGetter() (string, reconciling.NamespaceCreator)

func APIServicecreatorGetterFactory

func APIServicecreatorGetterFactory(clusterNS string) reconciling.NamedServiceCreatorGetter

func CloudCredentialOperatorNSGetter

func CloudCredentialOperatorNSGetter() (string, reconciling.NamespaceCreator)

CloudCredentialOperatorNSGetter creates the namespace in which all credentialsrequests end up

func CloudCredentialSecretCreator

func CloudCredentialSecretCreator(templateSecret corev1.Secret) reconciling.NamedSecretCreatorGetter

func ClusterVersionCreatorGetter

func ClusterVersionCreatorGetter(clusterNamespaceName string) reconciling.NamedUnstructuredCreatorGetter

ClusterVersionCreatorGetter returns the ClusterVersionCreator

func ConsoleOAuthClientCreator

func ConsoleOAuthClientCreator(consoleCallbackURI string) reconciling.NamedUnstructuredCreatorGetter

func ControllerManagerNSCreatorGetter

func ControllerManagerNSCreatorGetter() (string, reconciling.NamespaceCreator)

func ControlplaneConfigCreator

func ControlplaneConfigCreator(platformName string) reconciling.NamedConfigMapCreatorGetter

func GetAPIServicesForOpenshiftVersion

func GetAPIServicesForOpenshiftVersion(openshiftVersion string, caBundle []byte) ([]reconciling.NamedAPIServiceCreatorGetter, error)

GetAPIServicesForOpenshiftVersion returns all the NamedAPIServiceCreatorGetters for the given Openshift version or an error

func GetOAuthEncryptionKey

func GetOAuthEncryptionKey(ctx context.Context, seedClient ctrlruntimeclient.Client, seedNamespace string) ([]byte, error)

GetOAuthEncryptionKey fetches the key used to encrypt the OAuthBootstrapPassword in the usercluster. We simply use the UID of the CA secret, as it should be very hard to guess.

func InfrastructureCreatorGetter

func InfrastructureCreatorGetter(platform string) reconciling.NamedUnstructuredCreatorGetter

InfrastructureCreatorGetter returns the Infrastructure object. It is needed by the cloud-credential-operator.

func KubeSchedulerNSCreatorGetter

func KubeSchedulerNSCreatorGetter() (string, reconciling.NamespaceCreator)

func KubeSchedulerRoleBindingCreatorGetter

func KubeSchedulerRoleBindingCreatorGetter() (string, reconciling.RoleBindingCreator)

func KubeSchedulerRoleCreatorGetter

func KubeSchedulerRoleCreatorGetter() (string, reconciling.RoleCreator)

KubeSystemRoleCreator returns the func to create/update the Role for the machine controller to allow reading secrets

func NetworkOperatorNSGetter

func NetworkOperatorNSGetter() (string, reconciling.NamespaceCreator)

The network-operator runs in the seed but still creates some stuff in this NS

func OAuthBootstrapPasswordCreatorGetter

func OAuthBootstrapPasswordCreatorGetter(seedClient ctrlruntimeclient.Client, seedNamespace string) reconciling.NamedSecretCreatorGetter

OAuthBootstrapPassword is the password we use to authenticate the dashboard against the OAuth service. It must be created in the kube-system namespace. We also have to transport its raw value into the seed, because it's used by the Openshift Console endpoint to authenticate against the OAuth service. To not expose the raw value to the user, we AES encrypt it using the admin token as key (anyone with that token may do everything in the seed anyway).

func RegistryNSGetter

func RegistryNSGetter() (string, reconciling.NamespaceCreator)

RegistryNSGetter is used to create the namespace in which the registry operator creates the registry

func RegistryServingCert

func RegistryServingCert(caCert *triple.KeyPair) reconciling.NamedSecretCreatorGetter

func TokenOwnerServiceAccount

func TokenOwnerServiceAccount() (string, reconciling.ServiceAccountCreator)

TokenOwnerServiceAccount is the ServiceAccount that owns the secret which we put onto the kubeconfig that is in the seed

func TokenOwnerServiceAccountClusterRoleBinding

func TokenOwnerServiceAccountClusterRoleBinding() (string, reconciling.ClusterRoleBindingCreator)

TokenOwnerServiceAccountClusterRoleBinding is the clusterrolebinding that gives the TokenOwnerServiceAccount admin powers

