Documentation
¶
Index ¶
- func CleanupTempConfigsDirectory()
- func ConfigFilesExist(configsDirectory string) (bool, error)
- func FillMissingSecrets(ctx context.Context) error
- func K8sLatestPerCycle() (map[string]string, error)
- func LatestStableK8sRelease() (string, error)
- func ParseConfigFiles(ctx context.Context, configsDirectory string)
- func ResolveConfigsDirectory(ctx context.Context) error
- func ValidateOIDCDiscovery(ctx context.Context) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CleanupTempConfigsDirectory ¶
func CleanupTempConfigsDirectory()
CleanupTempConfigsDirectory removes the temp directory if one was created during resolution. Safe to call even if configs were loaded from a local path.
func ConfigFilesExist ¶
ConfigFilesExist checks whether both general.yaml and secrets.yaml exist at the given path.
func FillMissingSecrets ¶
FillMissingSecrets auto-generates and persists random secret values into secrets.yaml for fields that are required by the cluster's mode but currently empty. Re-runs read the persisted values and the SealedSecret render produces byte-identical plaintext, so kubeseal doesn't re-encrypt and the operator doesn't get noise PRs every time they re-run kubeaid-cli.
Runs after both general.yaml and secrets.yaml are parsed — general.yaml tells us which fields are required (cluster type + keycloak mode), secrets.yaml tells us what's already filled in.
In-place mutation via yaml.v3 *yaml.Node so the operator's existing comments and key ordering survive. Only ADDS missing keys; never removes or rewrites existing values.
On any change, the in-memory ParsedSecretsConfig is refreshed from the mutated YAML so callers downstream see the freshly- generated values.
func K8sLatestPerCycle ¶
K8sLatestPerCycle returns a snapshot of the embedded EOL data as a map of cycle string ("1.35") to the latest known patch version ("1.35.4"). The prompt package's K8s profile picker uses this to resolve concrete versions per profile when dl.k8s.io is unreachable or to seed the "patch level" of the latest two minor releases.
func LatestStableK8sRelease ¶
LatestStableK8sRelease re-exports the embedded fetch wrapper so the prompt package can probe dl.k8s.io without duplicating the HTTP boilerplate. Empty string + non-nil error on transport failure — caller is expected to fall back to embedded EOL data.
func ParseConfigFiles ¶
func ResolveConfigsDirectory ¶
ResolveConfigsDirectory resolves the configs directory from a local path or stdin ("-"). For stdin, it writes the received YAML to a temp directory and updates globals.ConfigsDirectory to point there.
func ValidateOIDCDiscovery ¶
ValidateOIDCDiscovery probes the configured OIDC issuer's discovery endpoint (.well-known/openid-configuration) so a misconfigured URL fails fast — before any infrastructure is provisioned. No-op when the cluster has no apiServer.oidc block.
Responsibilities:
- HTTP GET <issuer>/.well-known/openid-configuration
- Verify the response is JSON with an "issuer" field that matches the configured IssuerURL (per the OIDC discovery spec)
- Surface DNS / TLS / timeout / HTTP-status errors as actionable messages instead of letting them flow through later in bootstrap
When apiServer.oidc.caBundlePath is set, the probe trusts that PEM for TLS — so the same CA bundle that kube-apiserver will use also gates this pre-flight check.
Types ¶
This section is empty.
Source Files