Documentation
Index
- func AgentInstallEnv(agent *v1alpha3.AgentSpec) []string
- func ResolveDownloadOverrides(d *AgentDownloads) *goalstates.DownloadOverrides
- func ShellSingleQuote(v string) string
- func UnboundedAgentInstallScript() string
- func UnboundedAgentUninstallScript(machineName string) string
- type AgentAttestConfig
- type AgentClusterConfig
- type AgentConfig
- type AgentDownloadSource
- type AgentDownloads
- type AgentKubeletConfig
- type BuildAgentConfigParams
- type CNIConfig
- type CRIConfig
- type ClusterEndpoint
- type ContainerdConfig
- type KubeletAuthInfo
- type RuncConfig
- type UnboundedAgentConfig
Functions
func AgentInstallEnv (added in v0.1.3)
AgentInstallEnv returns the KEY=VALUE pairs that should be exported before the unbounded-agent install script runs, based on optional download overrides. Values are POSIX-single-quoted so they can be safely prepended to a shell command. Empty overrides are omitted.
func ResolveDownloadOverrides (added in v0.1.3)
func ResolveDownloadOverrides(d *AgentDownloads) *goalstates.DownloadOverrides
ResolveDownloadOverrides converts the provision AgentDownloads (from the agent config JSON) into the goalstates.DownloadOverrides shape that rootfs phase tasks consume. Returns nil when no overrides are set.
func ShellSingleQuote (added in v0.1.3)
ShellSingleQuote wraps v in POSIX-safe single quotes, escaping any embedded single quotes. The result can be used verbatim on the right-hand side of an `export KEY=...` statement in bash.
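The quoting rule described for ShellSingleQuote and AgentInstallEnv, as an added example that is not this package's own code. posixSingleQuote and installEnv are hypothetical stand-ins, the EXAMPLE_* variable names and values are constructed placeholders, and the sorted output order is this example's choice.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// posixSingleQuote is a hypothetical stand-in for ShellSingleQuote.
// Inside '...' the shell treats every byte literally, so the only character
// that needs care is ' itself: close the quote, emit \', then reopen.
func posixSingleQuote(v string) string {
	return "'" + strings.ReplaceAll(v, "'", `'\''`) + "'"
}

// installEnv is a hypothetical stand-in for AgentInstallEnv: it returns
// KEY='value' pairs in sorted key order and omits empty overrides.
func installEnv(overrides map[string]string) []string {
	keys := make([]string, 0, len(overrides))
	for k, v := range overrides {
		if v != "" {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	pairs := make([]string, 0, len(keys))
	for _, k := range keys {
		pairs = append(pairs, k+"="+posixSingleQuote(overrides[k]))
	}
	return pairs
}

func main() {
	// Constructed sample input: names and values are placeholders.
	overrides := map[string]string{
		"EXAMPLE_KUBERNETES_BASE_URL": "https://mirror.example/k8s",
		"EXAMPLE_RUNC_VERSION":        "v0.0.0'; echo $HOME #",
		"EXAMPLE_CNI_URL":             "", // empty override: omitted
	}
	for _, p := range installEnv(overrides) {
		fmt.Println("export " + p)
	}
}
```

Only the value is quoted here; the key is emitted as-is, so keys must come from a fixed set of known variable names rather than from user input.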
func UnboundedAgentInstallScript
func UnboundedAgentInstallScript() string
UnboundedAgentInstallScript returns the install script for using the unbounded-agent to bootstrap a node.
func UnboundedAgentUninstallScript
UnboundedAgentUninstallScript returns the uninstall script with the given machine name baked in. The script reverses the bootstrap process: it stops and removes the nspawn machine, cleans up network interfaces, removes configuration files, and restores the host to its original state.
Types
type AgentAttestConfig
type AgentAttestConfig struct {
	// URL is the base URL of the metalman serve-pxe instance (e.g.
	// "http://10.0.0.1:8880"). The agent appends "/attest" to this URL
	// when performing TPM attestation.
	URL string `json:"URL"`
}
AgentAttestConfig holds configuration for TPM-based attestation against a metalman serve-pxe instance.
type AgentClusterConfig
type AgentClusterConfig = config.AgentClusterConfig
type AgentConfig
type AgentConfig = config.AgentConfig
type AgentDownloadSource (added in v0.1.3)
type AgentDownloadSource struct {
	BaseURL string `json:"BaseURL,omitempty"`
	URL     string `json:"URL,omitempty"`
	Version string `json:"Version,omitempty"`
}
AgentDownloadSource configures an override for a single binary download source. BaseURL replaces the upstream host + path prefix; URL replaces the entire URL template. Version overrides the version that would otherwise be derived from the cluster Kubernetes version or the agent's compiled-in defaults.
type AgentDownloads (added in v0.1.3)
type AgentDownloads struct {
	Kubernetes *AgentDownloadSource `json:"Kubernetes,omitempty"`
	Containerd *AgentDownloadSource `json:"Containerd,omitempty"`
	Runc       *AgentDownloadSource `json:"Runc,omitempty"`
	CNI        *AgentDownloadSource `json:"CNI,omitempty"`
	Crictl     *AgentDownloadSource `json:"Crictl,omitempty"`
}
AgentDownloads optionally overrides the download sources for the binaries the agent installs into the nspawn rootfs. Each entry is optional; unset entries fall back to the upstream defaults compiled into the agent.
type AgentKubeletConfig
type AgentKubeletConfig = config.AgentKubeletConfig
type BuildAgentConfigParams
type BuildAgentConfigParams struct {
	// Machine is the Machine object to build the config for.
	Machine *v1alpha3.Machine

	// Cluster holds the cluster-level connection parameters.
	Cluster ClusterEndpoint

	// ProviderLabels are cloud-provider-injected labels that override
	// all other labels. These are typically resolved from
	// cloudprovider.Provider.DefaultLabels().
	ProviderLabels map[string]string

	// BootstrapToken is the kubelet bootstrap token (e.g. "abc123.xyz789").
	// When empty, the agent is expected to obtain a token via attestation.
	BootstrapToken string

	// AttestURL is the base URL of a metalman serve-pxe instance for
	// TPM-based attestation (e.g. "http://10.0.0.1:8880"). When non-empty
	// an Attest section is included in the config.
	AttestURL string
}
BuildAgentConfigParams holds the inputs for BuildAgentConfig. Cluster-level values are resolved once at controller startup and reused across reconcile loops. Machine-level values come from the Machine object.
type ClusterEndpoint
type ClusterEndpoint struct {
	// APIServer is the Kubernetes API server endpoint (e.g.
	// "my-cluster-dns.hcp.eastus.azmk8s.io:443").
	APIServer string

	// CACertBase64 is the base64-encoded cluster CA certificate.
	CACertBase64 string

	// ClusterDNS is the ClusterIP of the kube-dns Service.
	ClusterDNS string

	// KubeVersion is the cluster's Kubernetes version (e.g. "v1.34.0"),
	// used as a fallback when the Machine's Spec.Kubernetes.Version is
	// empty.
	KubeVersion string
}
ClusterEndpoint holds the cluster-level connection parameters needed to build agent configuration. These values are typically resolved once at controller startup and reused across reconcile loops.
type ContainerdConfig (added in v0.1.1)
type ContainerdConfig = config.ContainerdConfig
type KubeletAuthInfo (added in v0.1.1)
type KubeletAuthInfo = config.KubeletAuthInfo
type RuncConfig (added in v0.1.1)
type RuncConfig = config.RuncConfig
type UnboundedAgentConfig (added in v0.1.1)
type UnboundedAgentConfig struct {
	config.AgentConfig

	// Attest configures TPM-based attestation for obtaining a bootstrap
	// token from a metalman serve-pxe instance. When set, the agent
	// performs TPM attestation on the host instead of requiring a static
	// BootstrapToken in the Kubelet.Auth config.
	Attest *AgentAttestConfig `json:"Attest,omitempty"`

	// Downloads optionally overrides the download sources for binaries
	// the agent installs into the nspawn rootfs (kubelet, containerd,
	// runc, CNI plugins, crictl). When unset the agent downloads each
	// artifact from its upstream default host.
	Downloads *AgentDownloads `json:"Downloads,omitempty"`
}
UnboundedAgentConfig extends the shared AgentConfig with unbounded-specific fields that are not part of the public agent IR. Controllers and the agent CLI use this type; the shared agent library uses only AgentConfig.
func BuildAgentConfig
func BuildAgentConfig(params BuildAgentConfigParams) UnboundedAgentConfig
BuildAgentConfig constructs an AgentConfig from a Machine and cluster-level parameters. This is the canonical function used by all codepaths that produce agent configuration (machina SSH provisioner, metalman PXE templates, and kubectl-unbounded manual bootstrap).
Label priority (lowest to highest):
- User-defined labels from Machine.Spec.Kubernetes.NodeLabels.
- Common labels applied unconditionally (e.g. cloud provider exclusion).
- Provider-injected labels from params.ProviderLabels.