Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func UnboundedAgentInstallScript
func UnboundedAgentInstallScript() string
UnboundedAgentInstallScript returns the install script for using the unbounded-agent to bootstrap a node.
func UnboundedAgentUninstallScript
UnboundedAgentUninstallScript returns the uninstall script with the given machine name baked in. The script reverses the bootstrap process: it stops and removes the nspawn machine, cleans up network interfaces, removes configuration files, and restores the host to its original state.
Types
type AgentAttestConfig
type AgentAttestConfig struct {
	// URL is the base URL of the metalman serve-pxe instance (e.g.
	// "http://10.0.0.1:8880"). The agent appends "/attest" to this URL
	// when performing TPM attestation.
	URL string `json:"URL"`
}
AgentAttestConfig holds configuration for TPM-based attestation against a metalman serve-pxe instance.
type AgentClusterConfig
type AgentClusterConfig struct {
	CaCertBase64 string `json:"CaCertBase64"`
	ClusterDNS   string `json:"ClusterDNS"`
	Version      string `json:"Version"`
}
AgentClusterConfig holds the cluster-level values the agent needs to join the Kubernetes control plane.
type AgentConfig
type AgentConfig struct {
	MachineName string             `json:"MachineName"`
	Cluster     AgentClusterConfig `json:"Cluster"`
	Kubelet     AgentKubeletConfig `json:"Kubelet"`
	// OCIImage is the fully-qualified OCI image reference (e.g.
	// "ghcr.io/org/repo:tag") used to bootstrap the machine rootfs.
	// When empty the agent falls back to debootstrap.
	OCIImage string `json:"OCIImage,omitempty"`
	// Attest configures TPM-based attestation for obtaining a bootstrap
	// token from a metalman serve-pxe instance. When set, the agent
	// performs TPM attestation on the host instead of requiring a static
	// BootstrapToken in Kubelet config.
	Attest *AgentAttestConfig `json:"Attest,omitempty"`
}
AgentConfig is the configuration document uploaded to the remote machine before running the agent install script. The script reads it via the UNBOUNDED_AGENT_CONFIG_FILE environment variable.
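A pre-upload lint for the AgentConfig document described above, as an added example that is not part of this package. LintAgentConfig and its mirrored struct are hypothetical, the sample values are constructed, and reporting a static token alongside Attest is this example's own policy rather than a rule the package states.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// LintAgentConfig is a hypothetical helper; the struct mirrors only the JSON keys it checks.
func LintAgentConfig(doc []byte) []string {
	var c struct {
		Cluster struct{ CaCertBase64 string }
		Kubelet struct{ BootstrapToken string }
		Attest  *struct{ URL string }
	}
	if err := json.Unmarshal(doc, &c); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var out []string
	switch { // credential source: static token or TPM attestation
	case c.Kubelet.BootstrapToken == "" && c.Attest == nil:
		out = append(out, "neither BootstrapToken nor Attest is set")
	case c.Kubelet.BootstrapToken != "" && c.Attest != nil:
		out = append(out, "static BootstrapToken shipped although Attest is set")
	}
	if c.Attest != nil {
		u, err := url.Parse(c.Attest.URL)
		if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
			out = append(out, "Attest.URL is not an absolute http(s) base URL")
		} else if strings.HasSuffix(strings.TrimRight(u.Path, "/"), "/attest") {
			out = append(out, "Attest.URL already ends in /attest, which the agent appends")
		}
	}
	if raw, err := base64.StdEncoding.DecodeString(c.Cluster.CaCertBase64); err != nil || len(raw) == 0 {
		out = append(out, "Cluster.CaCertBase64 is empty or not valid base64")
	}
	return out
}

func main() {
	// Constructed sample: token and Attest both set, URL already carries /attest.
	doc := `{"Cluster":{"CaCertBase64":"Y29uc3RydWN0ZWQ="},"Kubelet":{"BootstrapToken":"abc123.xyz789"},
	"Attest":{"URL":"http://10.0.0.1:8880/attest"}}`
	for _, f := range LintAgentConfig([]byte(doc)) {
		fmt.Println("finding:", f)
	}
}
```

An empty result means none of these checks fired; it does not verify that the decoded CA bytes are a usable certificate.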
func BuildAgentConfig
func BuildAgentConfig(params BuildAgentConfigParams) AgentConfig
BuildAgentConfig constructs an AgentConfig from a Machine and cluster-level parameters. This is the canonical function used by all codepaths that produce agent configuration (machina SSH provisioner, metalman PXE templates, and kubectl-unbounded manual bootstrap).
Label priority (lowest to highest):
- User-defined labels from Machine.Spec.Kubernetes.NodeLabels.
- Common labels applied unconditionally (e.g. cloud provider exclusion).
- Provider-injected labels from params.ProviderLabels.
type AgentKubeletConfig
type AgentKubeletConfig struct {
	ApiServer          string            `json:"ApiServer"`
	BootstrapToken     string            `json:"BootstrapToken,omitempty"`
	Labels             map[string]string `json:"Labels"`
	RegisterWithTaints []string          `json:"RegisterWithTaints"`
}
AgentKubeletConfig holds kubelet-specific overrides.
type BuildAgentConfigParams
type BuildAgentConfigParams struct {
	// Machine is the Machine object to build the config for.
	Machine *v1alpha3.Machine
	// Cluster holds the cluster-level connection parameters.
	Cluster ClusterEndpoint
	// ProviderLabels are cloud-provider-injected labels that override
	// all other labels. These are typically resolved from
	// cloudprovider.Provider.DefaultLabels().
	ProviderLabels map[string]string
	// BootstrapToken is the kubelet bootstrap token (e.g. "abc123.xyz789").
	// When empty, the agent is expected to obtain a token via attestation.
	BootstrapToken string
	// AttestURL is the base URL of a metalman serve-pxe instance for
	// TPM-based attestation (e.g. "http://10.0.0.1:8880"). When non-empty
	// an Attest section is included in the config.
	AttestURL string
}
BuildAgentConfigParams holds the inputs for BuildAgentConfig. Cluster-level values are resolved once at controller startup and reused across reconcile loops. Machine-level values come from the Machine object.
type ClusterEndpoint
type ClusterEndpoint struct {
	// APIServer is the Kubernetes API server endpoint (e.g.
	// "my-cluster-dns.hcp.eastus.azmk8s.io:443").
	APIServer string
	// CACertBase64 is the base64-encoded cluster CA certificate.
	CACertBase64 string
	// ClusterDNS is the ClusterIP of the kube-dns Service.
	ClusterDNS string
	// KubeVersion is the cluster's Kubernetes version (e.g. "v1.34.0"),
	// used as a fallback when the Machine's Spec.Kubernetes.Version is
	// empty.
	KubeVersion string
}
ClusterEndpoint holds the cluster-level connection parameters needed to build agent configuration. These values are typically resolved once at controller startup and reused across reconcile loops.