Documentation
¶
Index ¶
- func CreateBootstrapTokenSecret(ctx context.Context, client kubernetes.Interface, token string) error
- func EndpointFromTCPStatus(endpoint string) string
- func FindExistingBootstrapToken(ctx context.Context, client kubernetes.Interface) (string, error)
- func GenerateBootstrapToken() (string, error)
- func GenerateWorkerConfig(input MachineConfigInput) ([]byte, error)
- func IsTalosCluster(tc *butlerv1alpha1.TenantCluster) bool
- type MachineConfigInput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateBootstrapTokenSecret ¶
func CreateBootstrapTokenSecret(ctx context.Context, client kubernetes.Interface, token string) error
CreateBootstrapTokenSecret creates a bootstrap token Secret in the tenant API server's kube-system namespace. The token has no TTL so it remains valid for static machine configs.
Steward's soot PhaseBootstrapToken already creates the RBAC needed for bootstrap tokens to work (AllowBootstrapTokensToGetNodes, AllowBootstrapTokensToPostCSRs, AutoApproveNodeBootstrapTokens, AutoApproveNodeCertificateRotation). These RBAC rules apply to ALL bootstrap tokens via group-based ClusterRoleBindings.
func EndpointFromTCPStatus ¶
EndpointFromTCPStatus converts a TCP status endpoint ("host:port") to the format Talos expects ("https://host:port").
func FindExistingBootstrapToken ¶
FindExistingBootstrapToken checks the tenant API server for an existing bootstrap token Secret. Returns the token string if found, or empty string if none exists. This enables idempotent reconciliation when the reconciler creates a token but fails before creating the CAPI bootstrap Secret.
func GenerateBootstrapToken ¶
GenerateBootstrapToken generates a random kubeadm-format bootstrap token. Format: "<6-char-id>.<16-char-secret>" (e.g., "a1b2c3.abcdef0123456789").
func GenerateWorkerConfig ¶
func GenerateWorkerConfig(input MachineConfigInput) ([]byte, error)
GenerateWorkerConfig generates a Talos v1alpha1 worker machine config YAML.
func IsTalosCluster ¶
func IsTalosCluster(tc *butlerv1alpha1.TenantCluster) bool
IsTalosCluster returns true if the TenantCluster uses Talos OS for workers.
Types ¶
type MachineConfigInput ¶
type MachineConfigInput struct {
// ClusterName is the name of the tenant cluster.
ClusterName string
// ControlPlaneEndpoint is the API server endpoint (e.g., "https://10.40.0.1:6443").
ControlPlaneEndpoint string
// ClusterCACert is the PEM-encoded Kubernetes cluster CA certificate.
ClusterCACert string
// MachineToken is the trustd authentication token (format: "butler.<hex>").
// Used by Talos apid to authenticate with steward-trustd.
MachineToken string
// BootstrapToken is a kubeadm bootstrap token (format: "<6char>.<16char>").
// Used by kubelet for TLS bootstrapping with the tenant API server.
BootstrapToken string
// OSCACert is the PEM-encoded OS CA certificate for trusting steward-trustd.
OSCACert string
// PodCIDR is the pod network CIDR (e.g., "10.244.0.0/16").
PodCIDR string
// ServiceCIDR is the service network CIDR (e.g., "10.96.0.0/12").
ServiceCIDR string
// InstallDisk is the disk device for Talos installation (e.g., "/dev/vda").
InstallDisk string
// InstallerImage is the Talos installer image reference.
InstallerImage string
}
MachineConfigInput contains all data needed to generate a Talos worker machine config.
Source Files