controlplane

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 8, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var APIServerDefaultArgs = []string{
	"--advertise-address=127.0.0.1",
	"--etcd-servers={{ if .EtcdURL }}{{ .EtcdURL.String }}{{ end }}",
	"--cert-dir={{ .CertDir }}",
	"--insecure-port={{ if .URL }}{{ .URL.Port }}{{else}}0{{ end }}",
	"{{ if .URL }}--insecure-bind-address={{ .URL.Hostname }}{{ end }}",
	"--secure-port={{ if .SecurePort }}{{ .SecurePort }}{{ end }}",

	"--disable-admission-plugins=ServiceAccount",
	"--service-cluster-ip-range=10.0.0.0/24",
	"--allow-privileged=true",
}

APIServerDefaultArgs exposes the default args for the APIServer so that you can use those to append your own additional arguments.

Note that these arguments don't handle newer API servers well to due the more complex feature detection neeeded. It's recommended that you switch to .Configure as you upgrade API server versions.

Deprecated: use APIServer.Configure().

View Source 
var EtcdDefaultArgs = []string{
	"--listen-peer-urls=http://localhost:0",
	"--advertise-client-urls={{ if .URL }}{{ .URL.String }}{{ end }}",
	"--listen-client-urls={{ if .URL }}{{ .URL.String }}{{ end }}",
	"--data-dir={{ .DataDir }}",
}

EtcdDefaultArgs exposes the default args for Etcd so that you can use those to append your own additional arguments.

View Source 
var NewTinyCA = certs.NewTinyCA

NewTinyCA creates a new a tiny CA utility for provisioning serving certs and client certs FOR TESTING ONLY. Don't use this for anything else!

Functions

func APIServerArguments 

func APIServerArguments(s *APIServer) []string

APIServerArguments is an internal-only (NEVER SHOULD BE EXPOSED) function that sets up the API server just before starting it, without actually starting it. It's public to make testing easier.

NB(directxman12): do not expose this outside of internal.

func KubeConfigFromREST 

func KubeConfigFromREST(cfg *rest.Config) ([]byte, error)

KubeConfigFromREST reverse-engineers a kubeconfig file from a rest.Config. The options are tailored towards the rest.Configs we generate, so they're not broadly applicable.

This is not intended to be exposed beyond internal for the above reasons.

func PrepareAPIServer 

func PrepareAPIServer(s *APIServer) error

PrepareAPIServer is an internal-only (NEVER SHOULD BE EXPOSED) function that sets up the API server just before starting it, without actually starting it. This saves time on tests.

NB(directxman12): do not expose this outside of internal -- it's unsafe to use, because things like port allocation could race even more than they currently do if you later call start!

Types

type APIServer 

type APIServer struct {
	// URL is the address the ApiServer should listen on for client
	// connections.
	//
	// If set, this will configure the *insecure* serving details.
	// If unset, it will contain the insecure port if insecure serving is enabled,
	// and otherwise will contain the secure port.
	//
	// If this is not specified, we default to a random free port on localhost.
	//
	// Deprecated: use InsecureServing (for the insecure URL) or SecureServing, ideally.
	URL *url.URL

	// SecurePort is the additional secure port that the APIServer should listen on.
	//
	// If set, this will override SecureServing.Port.
	//
	// Deprecated: use SecureServing.
	SecurePort int

	// SecureServing indicates how the API server will serve on the secure port.
	//
	// Some parts are configurable.  Will be defaulted if unset.
	SecureServing

	// InsecureServing indicates how the API server will serve on the insecure port.
	//
	// If unset, the insecure port will be disabled.  Set to an empty struct to get
	// default values.
	//
	// Deprecated: does not work with Kubernetes versions 1.20 and above.  Use secure
	// serving instead.
	InsecureServing *process.ListenAddr

	// Path is the path to the apiserver binary.
	//
	// If this is left as the empty string, we will attempt to locate a binary,
	// by checking for the TEST_ASSET_KUBE_APISERVER environment variable, and
	// the default test assets directory. See the "Binaries" section above (in
	// doc.go) for details.
	Path string

	// Args is a list of arguments which will passed to the APIServer binary.
	// Before they are passed on, they will be evaluated as go-template strings.
	// This means you can use fields which are defined and exported on this
	// APIServer struct (e.g. "--cert-dir={{ .Dir }}").
	// Those templates will be evaluated after the defaulting of the APIServer's
	// fields has already happened and just before the binary actually gets
	// started. Thus you have access to calculated fields like `URL` and others.
	//
	// If not specified, the minimal set of arguments to run the APIServer will
	// be used.
	//
	// They will be loaded into the same argument set as Configure.  Each flag
	// will be Append-ed to the configured arguments just before launch.
	//
	// Deprecated: use Configure instead.
	Args []string

	// CertDir is a path to a directory containing whatever certificates the
	// APIServer will need.
	//
	// If left unspecified, then the Start() method will create a fresh temporary
	// directory, and the Stop() method will clean it up.
	CertDir string

	// EtcdURL is the URL of the Etcd the APIServer should use.
	//
	// If this is not specified, the Start() method will return an error.
	EtcdURL *url.URL

	// StartTimeout, StopTimeout specify the time the APIServer is allowed to
	// take when starting and stoppping before an error is emitted.
	//
	// If not specified, these default to 20 seconds.
	StartTimeout time.Duration
	StopTimeout  time.Duration

	// Out, Err specify where APIServer should write its StdOut, StdErr to.
	//
	// If not specified, the output will be discarded.
	Out io.Writer
	Err io.Writer
	// contains filtered or unexported fields
}

APIServer knows how to run a kubernetes apiserver.

func (*APIServer) Configure 

func (s *APIServer) Configure() *process.Arguments

Configure returns Arguments that may be used to customize the flags used to launch the API server. A set of defaults will be applied underneath.

func (*APIServer) Start 

func (s *APIServer) Start() error

Start starts the apiserver, waits for it to come up, and returns an error, if occurred.

func (*APIServer) Stop 

func (s *APIServer) Stop() error

Stop stops this process gracefully, waits for its termination, and cleans up the CertDir if necessary.

type AuthenticatedUser 

type AuthenticatedUser struct {
	// contains filtered or unexported fields
}

AuthenticatedUser contains access information for an provisioned user, including REST config, kubeconfig contents, and access to a KubeCtl instance.

It's not "safe" to use the methods on this till after the API server has been started (due to certificate initialization and such). The various methods will panic if this is done.

func (*AuthenticatedUser) Config 

func (u *AuthenticatedUser) Config() *rest.Config

Config returns the REST config that can be used to connect to the API server as this user.

Will panic if used before the API server is started.

func (AuthenticatedUser) KubeConfig 

func (u AuthenticatedUser) KubeConfig() ([]byte, error)

KubeConfig returns a KubeConfig that's roughly equivalent to this user's REST config.

Will panic if used before the API server is started.

func (*AuthenticatedUser) Kubectl 

func (u *AuthenticatedUser) Kubectl() (*KubeCtl, error)

Kubectl returns a KubeCtl instance for talking to the API server as this user. It uses a kubeconfig equivalent to that returned by .KubeConfig.

Will panic if used before the API server is started.

type Authn 

type Authn interface {
	// Configure provides the working directory to this authenticator,
	// and configures the given API server arguments to make use of this authenticator.
	//
	// Should be called first.
	Configure(workDir string, args *process.Arguments) error
	// Start runs this authenticator.  Will be called just before API server start.
	//
	// Must be called after Configure.
	Start() error
	// AddUser provisions a user, returning a copy of the given base rest.Config
	// configured to authenticate as that users.
	//
	// May only be called while the authenticator is "running".
	AddUser(user User, baseCfg *rest.Config) (*rest.Config, error)
	// Stop shuts down this authenticator.
	Stop() error
}

Authn knows how to configure an API server for a particular type of authentication, and provision users under that authentication scheme.

The methods must be called in the following order (as presented below in the interface for a mnemonic):

1. Configure 2. Start 3. AddUsers (0+ calls) 4. Stop.

type CertAuthn 

type CertAuthn struct {
	// contains filtered or unexported fields
}

CertAuthn is an authenticator (Authn) that makes use of client certificate authn.

func NewCertAuthn 

func NewCertAuthn() (*CertAuthn, error)

NewCertAuthn creates a new client-cert-based Authn with a new CA.

func (*CertAuthn) AddUser 

func (c *CertAuthn) AddUser(user User, baseCfg *rest.Config) (*rest.Config, error)

AddUser provisions a new user that's authenticated via certificates, with the given uesrname and groups embedded in the certificate as expected by the API server.

func (*CertAuthn) Configure 

func (c *CertAuthn) Configure(workDir string, args *process.Arguments) error

Configure provides the working directory to this authenticator, and configures the given API server arguments to make use of this authenticator.

func (*CertAuthn) Start 

func (c *CertAuthn) Start() error

Start runs this authenticator. Will be called just before API server start.

Must be called after Configure.

func (*CertAuthn) Stop 

func (c *CertAuthn) Stop() error

Stop shuts down this authenticator.

type ControlPlane 

type ControlPlane struct {
	APIServer *APIServer
	Etcd      *Etcd

	// Kubectl will override the default asset search path for kubectl
	KubectlPath string
	// contains filtered or unexported fields
}

ControlPlane is a struct that knows how to start your test control plane.

Right now, that means Etcd and your APIServer. This is likely to increase in future.

func (*ControlPlane) APIURL deprecated 

func (f *ControlPlane) APIURL() *url.URL

APIURL returns the URL you should connect to to talk to your API server.

If insecure serving is configured, this will contain the insecure port. Otherwise, it will contain the secure port.

Deprecated: use AddUser instead, or APIServer.{Ins|S}ecureServing.URL if you really want just the URL.

func (*ControlPlane) AddUser 

func (f *ControlPlane) AddUser(user User, baseConfig *rest.Config) (*AuthenticatedUser, error)

AddUser provisions a new user in the cluster. It uses the APIServer's authentication strategy -- see APIServer.SecureServing.Authn.

Unlike AddUser, it's safe to pass a nil rest.Config here if you have no particular opinions about the config.

The default authentication strategy is not guaranteed to any specific strategy, but it is guaranteed to be callable both before and after Start has been called (but, as noted in the AuthenticatedUser docs, the given user objects are only valid after Start has been called).

func (*ControlPlane) GetAPIServer 

func (f *ControlPlane) GetAPIServer() *APIServer

GetAPIServer returns this ControlPlane's APIServer, initializing it if necessary.

func (*ControlPlane) KubeCtl deprecated 

func (f *ControlPlane) KubeCtl() *KubeCtl

KubeCtl returns a pre-configured KubeCtl, ready to connect to this ControlPlane.

Deprecated: use AddUser & AuthenticatedUser.Kubectl instead.

func (*ControlPlane) RESTClientConfig deprecated 

func (f *ControlPlane) RESTClientConfig() (*rest.Config, error)

RESTClientConfig returns a pre-configured restconfig, ready to connect to this ControlPlane.

Deprecated: use AddUser & AuthenticatedUser.Config instead.

func (*ControlPlane) Start 

func (f *ControlPlane) Start() error

Start will start your control plane processes. To stop them, call Stop().

func (*ControlPlane) Stop 

func (f *ControlPlane) Stop() error

Stop will stop your control plane processes, and clean up their data.

type Etcd 

type Etcd struct {
	// URL is the address the Etcd should listen on for client connections.
	//
	// If this is not specified, we default to a random free port on localhost.
	URL *url.URL

	// Path is the path to the etcd binary.
	//
	// If this is left as the empty string, we will attempt to locate a binary,
	// by checking for the TEST_ASSET_ETCD environment variable, and the default
	// test assets directory. See the "Binaries" section above (in doc.go) for
	// details.
	Path string

	// Args is a list of arguments which will passed to the Etcd binary. Before
	// they are passed on, the`y will be evaluated as go-template strings. This
	// means you can use fields which are defined and exported on this Etcd
	// struct (e.g. "--data-dir={{ .Dir }}").
	// Those templates will be evaluated after the defaulting of the Etcd's
	// fields has already happened and just before the binary actually gets
	// started. Thus you have access to calculated fields like `URL` and others.
	//
	// If not specified, the minimal set of arguments to run the Etcd will be
	// used.
	//
	// They will be loaded into the same argument set as Configure.  Each flag
	// will be Append-ed to the configured arguments just before launch.
	//
	// Deprecated: use Configure instead.
	Args []string

	// DataDir is a path to a directory in which etcd can store its state.
	//
	// If left unspecified, then the Start() method will create a fresh temporary
	// directory, and the Stop() method will clean it up.
	DataDir string

	// StartTimeout, StopTimeout specify the time the Etcd is allowed to
	// take when starting and stopping before an error is emitted.
	//
	// If not specified, these default to 20 seconds.
	StartTimeout time.Duration
	StopTimeout  time.Duration

	// Out, Err specify where Etcd should write its StdOut, StdErr to.
	//
	// If not specified, the output will be discarded.
	Out io.Writer
	Err io.Writer
	// contains filtered or unexported fields
}

Etcd knows how to run an etcd server.

func (*Etcd) Configure 

func (e *Etcd) Configure() *process.Arguments

Configure returns Arguments that may be used to customize the flags used to launch etcd. A set of defaults will be applied underneath.

func (*Etcd) Start 

func (e *Etcd) Start() error

Start starts the etcd, waits for it to come up, and returns an error, if one occoured.

func (*Etcd) Stop 

func (e *Etcd) Stop() error

Stop stops this process gracefully, waits for its termination, and cleans up the DataDir if necessary.

type KubeCtl 

type KubeCtl struct {
	// Path where the kubectl binary can be found.
	//
	// If this is left empty, we will attempt to locate a binary, by checking for
	// the TEST_ASSET_KUBECTL environment variable, and the default test assets
	// directory. See the "Binaries" section above (in doc.go) for details.
	Path string

	// Opts can be used to configure additional flags which will be used each
	// time the wrapped binary is called.
	//
	// For example, you might want to use this to set the URL of the APIServer to
	// connect to.
	Opts []string
}

KubeCtl is a wrapper around the kubectl binary.

func (*KubeCtl) Run 

func (k *KubeCtl) Run(args ...string) (stdout, stderr io.Reader, err error)

Run executes the wrapped binary with some preconfigured options and the arguments given to this method. It returns Readers for the stdout and stderr.

type SecureServing 

type SecureServing struct {
	// ListenAddr contains the host & port to serve on.
	//
	// Configurable.  If unset, it will be defaulted.
	process.ListenAddr
	// CA contains the CA that signed the API server's serving certificates.
	//
	// Read-only.
	CA []byte
	// Authn can be used to provision users, and override what type of
	// authentication is used to provision users.
	//
	// Configurable.  If unset, it will be defaulted.
	Authn
}

SecureServing provides/configures how the API server serves on the secure port.

type User 

type User struct {
	// Name is the user's Name.
	Name string
	// Groups are the groups to which the user belongs.
	Groups []string
}

User represents a Kubernetes user.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.