helm

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 25, 2025 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SPIRERepositoryName = "spire"
	SPIRERepositoryURL  = "https://spiffe.github.io/helm-charts-hardened/"

	SPIREChartName       = "spire"
	SPIREChartVersion    = "0.24.5"
	SPIRECRDChartName    = "spire-crds"
	SPIRECRDChartVersion = "0.5.0"

	// Kubernetes namespace in which Helm charts and CRDs will be installed.
	SPIREManagementNamespace = "spire-mgmt"
)

Variables

This section is empty.

Functions

func DiscardLogger 

func DiscardLogger(format string, v ...any)

func IsClusterDeployed added in v0.12.0 

func IsClusterDeployed(ctx context.Context, cluster *clusterpb.Cluster, kubeConfig string) (bool, error)

IsClusterDeployed returns whether a cluster has been deployed, i.e. whether a SPIRE Helm release has been installed.

func IsClusterReachable added in v0.14.2 

func IsClusterReachable(ctx context.Context, cluster *clusterpb.Cluster, kubeConfig string) error

IsClusterReachable returns no error if a Kubernetes cluster is reachable.

func MergeMaps added in v0.5.0 

func MergeMaps(dest, src map[string]any) (map[string]any, error)

MergeMaps merges the source map into the destination map, returning a new merged map.

Types

type HelmSPIREProvider 

type HelmSPIREProvider struct {
	// contains filtered or unexported fields
}

HelmSPIREProvider implements a Helm-based installer for the Cofide stack. It uses the SPIFFE/SPIRE project's own helm-charts-hardened Helm chart to install a SPIRE stack to a given Kubernetes context, making use of the Cofide API concepts and abstractions

func NewHelmSPIREProvider 

func NewHelmSPIREProvider(ctx context.Context, trustZoneName string, cluster *clusterpb.Cluster, spireValues, spireCRDsValues map[string]any, opts ...HelmSPIREProviderOption) (*HelmSPIREProvider, error)

func (*HelmSPIREProvider) AddRepository 

func (h *HelmSPIREProvider) AddRepository(statusCh chan<- *provisionpb.Status) error

AddRepository adds the SPIRE Helm repository to the local repositories.yaml. The action is performed synchronously and status is streamed through the provided status channel. This function should be called once, not per-trust zone. The SPIRE Helm repository is added to the local repositories.yaml, locking the repositories.lock file while making changes.

func (*HelmSPIREProvider) CheckIfAlreadyInstalled 

func (h *HelmSPIREProvider) CheckIfAlreadyInstalled() (bool, error)

CheckIfAlreadyInstalled returns true if the SPIRE chart has previously been installed.

func (*HelmSPIREProvider) CheckIfReachable added in v0.14.2 

func (h *HelmSPIREProvider) CheckIfReachable() error

CheckIfReachable returns no error if a Kubernetes cluster is reachable.

func (*HelmSPIREProvider) Execute 

func (h *HelmSPIREProvider) Execute(statusCh chan<- *provisionpb.Status) error

Execute installs the SPIRE Helm stack to the selected Kubernetes context. The action is performed synchronously and status is streamed through the provided status channel.

func (*HelmSPIREProvider) ExecutePostInstallUpgrade added in v0.5.0 

func (h *HelmSPIREProvider) ExecutePostInstallUpgrade(statusCh chan<- *provisionpb.Status) error

ExecutePostInstallUpgrade upgrades the SPIRE stack to the selected Kubernetes context. The action is performed synchronously and status is streamed through the provided status channel.

func (*HelmSPIREProvider) ExecuteUninstall 

func (h *HelmSPIREProvider) ExecuteUninstall(statusCh chan<- *provisionpb.Status) error

ExecuteUninstall uninstalls the SPIRE stack from the selected Kubernetes context. The action is performed synchronously and status is streamed through the provided status channel.

func (*HelmSPIREProvider) ExecuteUpgrade 

func (h *HelmSPIREProvider) ExecuteUpgrade(statusCh chan<- *provisionpb.Status) error

ExecuteUpgrade upgrades the SPIRE stack to the selected Kubernetes context. The action is performed synchronously and status is streamed through the provided status channel.

type HelmSPIREProviderOption added in v0.16.0 

type HelmSPIREProviderOption func(*HelmSPIREProvider)

HelmSPIREProviderOption is a function that configures a HelmSPIREProvider.

func WithKubeConfig added in v0.16.0 

func WithKubeConfig(kubeConfig string) HelmSPIREProviderOption

WithKubeConfig sets the kubeconfig path

func WithSPIRECRDChartName added in v0.16.0 

func WithSPIRECRDChartName(name string) HelmSPIREProviderOption

WithSPIRECRDChartName sets the name for the SPIRE CRDs Helm chart

func WithSPIRECRDsChartVersion added in v0.16.0 

func WithSPIRECRDsChartVersion(version string) HelmSPIREProviderOption

WithSPIRECRDsChartVersion sets the version for the SPIRE CRDs Helm chart

func WithSPIREChartName added in v0.16.0 

func WithSPIREChartName(name string) HelmSPIREProviderOption

WithSPIREChartName sets the name for the SPIRE Helm chart

func WithSPIREChartVersion added in v0.16.0 

func WithSPIREChartVersion(version string) HelmSPIREProviderOption

WithSPIREChartVersion sets the version for the SPIRE Helm chart

func WithSPIRERepositoryName added in v0.16.0 

func WithSPIRERepositoryName(name string) HelmSPIREProviderOption

WithSPIRERepositoryName sets the name for the SPIRE Helm repository

func WithSPIRERepositoryURL added in v0.16.0 

func WithSPIRERepositoryURL(url string) HelmSPIREProviderOption

WithSPIRERepositoryURL sets the SPIRE Helm repository URL

type HelmValuesGenerator 

type HelmValuesGenerator struct {
	// contains filtered or unexported fields
}

func NewHelmValuesGenerator 

func NewHelmValuesGenerator(trustZone *trust_zone_proto.TrustZone, cluster *clusterpb.Cluster, source datasource.DataSource, values map[string]any) *HelmValuesGenerator

func (*HelmValuesGenerator) GenerateValues 

func (g *HelmValuesGenerator) GenerateValues() (map[string]any, error)

type Provider added in v0.5.0 

type Provider interface {
	// AddRepository adds the SPIRE Helm repository to the local repositories.yaml.
	// The action is performed synchronously and status is streamed through the provided status channel.
	// This function should be called once, not per-trust zone.
	// The SPIRE Helm repository is added to the local repositories.yaml, locking the repositories.lock
	// file while making changes.
	AddRepository(statusCh chan<- *provisionpb.Status) error

	// Execute installs the SPIRE Helm stack to the selected Kubernetes context.
	// The action is performed synchronously and status is streamed through the provided status channel.
	Execute(statusCh chan<- *provisionpb.Status) error

	// ExecutePostInstallUpgrade upgrades the SPIRE stack to the selected Kubernetes context.
	// The action is performed synchronously and status is streamed through the provided status channel.
	ExecutePostInstallUpgrade(statusCh chan<- *provisionpb.Status) error

	// ExecuteUpgrade upgrades the SPIRE stack to the selected Kubernetes context.
	// The action is performed synchronously and status is streamed through the provided status channel.
	ExecuteUpgrade(statusCh chan<- *provisionpb.Status) error

	// ExecuteUninstall uninstalls the SPIRE stack from the selected Kubernetes context.
	// The action is performed synchronously and status is streamed through the provided status channel.
	ExecuteUninstall(statusCh chan<- *provisionpb.Status) error

	// CheckIfAlreadyInstalled returns true if the SPIRE chart has previously been installed.
	CheckIfAlreadyInstalled() (bool, error)
}

Provider is an interface that abstracts a Helm-based workload identity provider.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.