Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func KubeConfigFromREST ¶
KubeConfigFromREST reverse-engineers a kubeconfig file from a rest.Config. The options are tailored towards the rest.Configs we generate, so they're not broadly applicable.
This is not intended to be exposed beyond internal for the above reasons.
func PrepareShard ¶
PrepareShard is an internal-only (NEVER SHOULD BE EXPOSED) function that sets up the kcp shard just before starting it, without actually starting it. This saves time on tests.
NB(directxman12): do not expose this outside of internal -- it's unsafe to use, because things like port allocation could race even more than they currently do if you later call start!
Types ¶
type AuthenticatedUser ¶
type AuthenticatedUser struct {
// contains filtered or unexported fields
}
AuthenticatedUser contains access information for an provisioned user, including REST config, kubeconfig contents, and access to a KubeCtl instance.
It's not "safe" to use the methods on this till after the API server has been started (due to certificate initialization and such). The various methods will panic if this is done.
func (*AuthenticatedUser) Config ¶
func (u *AuthenticatedUser) Config() *rest.Config
Config returns the REST config that can be used to connect to the API server as this user.
Will panic if used before the API server is started.
func (AuthenticatedUser) KubeConfig ¶
func (u AuthenticatedUser) KubeConfig() ([]byte, error)
KubeConfig returns a KubeConfig that's roughly equivalent to this user's REST config.
Will panic if used before the API server is started.
func (*AuthenticatedUser) Kubectl ¶
func (u *AuthenticatedUser) Kubectl() (*KubeCtl, error)
Kubectl returns a KubeCtl instance for talking to the API server as this user. It uses a kubeconfig equivalent to that returned by .KubeConfig.
Will panic if used before the API server is started.
type Authn ¶
type Authn interface {
// Configure provides the working directory to this authenticator,
// and configures the given API server arguments to make use of this authenticator.
//
// Should be called first.
Configure(workDir string, args *process.Arguments) error
// Start runs this authenticator. Will be called just before API server start.
//
// Must be called after Configure.
Start() error
// AddUser provisions a user, returning a copy of the given base rest.Config
// configured to authenticate as that users.
//
// May only be called while the authenticator is "running".
AddUser(user User, baseCfg *rest.Config) (*rest.Config, error)
// Stop shuts down this authenticator.
Stop() error
}
Authn knows how to configure kcp for a particular type of authentication, and provision users under that authentication scheme.
The methods must be called in the following order (as presented below in the interface for a mnemonic):
1. Configure 2. Start 3. AddUsers (0+ calls) 4. Stop.
type CertAuthn ¶
type CertAuthn struct {
// contains filtered or unexported fields
}
CertAuthn is an authenticator (Authn) that makes use of client certificate authn.
func NewCertAuthn ¶
NewCertAuthn creates a new client-cert-based Authn with a new CA.
func (*CertAuthn) AddUser ¶
AddUser provisions a new user that's authenticated via certificates, with the given uesrname and groups embedded in the certificate as expected by the API server.
func (*CertAuthn) Configure ¶
Configure provides the working directory to this authenticator, and configures the given API server arguments to make use of this authenticator.
type EmbeddedEtcd ¶
type EmbeddedEtcd struct {
// PeerPort is the etcd peer port.
PeerPort string
// ClientPort is the etcd client port.
ClientPort string
}
EmbeddedEtcd configures the embedded etcd.
type Kcp ¶
type Kcp struct {
RootShard *Shard
// Kubectl will override the default asset search path for kubectl
KubectlPath string
// contains filtered or unexported fields
}
Kcp is a struct that knows how to start your test kcp.
Right now, that means one kcp shard. This is likely to increase in future.
func (*Kcp) AddUser ¶
AddUser provisions a new user in the cluster. It uses the Shard's authentication strategy -- see Shard.SecureServing.Authn.
Unlike AddUser, it's safe to pass a nil rest.Config here if you have no particular opinions about the config.
The default authentication strategy is not guaranteed to any specific strategy, but it is guaranteed to be callable both before and after Start has been called (but, as noted in the AuthenticatedUser docs, the given user objects are only valid after Start has been called).
func (*Kcp) GetRootShard ¶
GetRootShard returns this Kcp's Shard, initializing it if necessary.
func (*Kcp) RESTClientConfig
deprecated
type KubeCtl ¶
type KubeCtl struct {
// Path where the kubectl binary can be found.
//
// If this is left empty, we will attempt to locate a binary, by checking for
// the TEST_ASSET_KUBECTL environment variable, and the default test assets
// directory. See the "Binaries" section above (in doc.go) for details.
Path string
// Opts can be used to configure additional flags which will be used each
// time the wrapped binary is called.
//
// For example, you might want to use this to set the URL of the Shard to
// connect to.
Opts []string
}
KubeCtl is a wrapper around the kubectl binary.
type SecureServing ¶
type SecureServing struct {
// ListenAddr contains the host & port to serve on.
//
// Configurable. If unset, it will be defaulted.
process.ListenAddr
// CA contains the CA that signed the API server's serving certificates.
//
// Read-only.
CA []byte
// Authn can be used to provision users, and override what type of
// authentication is used to provision users.
//
// Configurable. If unset, it will be defaulted.
Authn
}
SecureServing provides/configures how the API server serves on the secure port.
type Shard ¶
type Shard struct {
// SecureServing indicates how the kcp shard will serve on the secure port.
//
// Some parts are configurable. Will be defaulted if unset.
SecureServing
// EmbeddedEtcd configures the embedded etcd.
EmbeddedEtcd EmbeddedEtcd
// Path is the path to the kcp binary.
//
// If this is left as the empty string, we will attempt to locate a binary,
// by checking for the TEST_ASSET_KCP environment variable, and
// the default test assets directory. See the "Binaries" section above (in
// doc.go) for details.
Path string
// RootDir is a path to a directory containing certificates the
// Shard will need, the Shard's embedded etcd data and the admin kubeconfig.
//
// If left unspecified, then the Start() method will create a fresh temporary
// directory, and the Stop() method will clean it up.
RootDir string
// StartTimeout, StopTimeout specify the time the Shard is allowed to
// take when starting and stoppping before an error is emitted.
//
// If not specified, these default to 1 min and 20 seconds respectively.
StartTimeout time.Duration
StopTimeout time.Duration
// Out, Err specify where Shard should write its StdOut, StdErr to.
//
// If not specified, the output will be discarded.
Out io.Writer
Err io.Writer
// contains filtered or unexported fields
}
Shard knows how to run a kcp shard.
func (*Shard) Configure ¶
Configure returns Arguments that may be used to customize the flags used to launch the kcp shard. A set of defaults will be applied underneath.
Source Files