network

func Canonicalize ¶

func Canonicalize(conf *cnao.NetworkAddonsConfigSpec)

Canonicalize converts configuration to a canonical form.

func CipherSuiteIDs ¶ added in v0.102.0

func CipherSuiteIDs(openSSLCiphers []string) []uint16

CipherSuiteIDs converts OpenSSL cipher names to crypto/tls uint16 IDs suitable for tls.Config.CipherSuites. Unknown names are silently skipped.

func DefaultSelfSignConfiguration ¶ added in v0.50.0

func DefaultSelfSignConfiguration() *cnao.SelfSignConfiguration

func FillDefaults ¶

func FillDefaults(conf, previous *cnao.NetworkAddonsConfigSpec) error

FillDefaults computes any default values and applies them to the configuration This is a mutating operation. It should be called after Validate.

Defaults are carried forward from previous if it is provided. This is so we can change defaults as we move forward, but won't disrupt existing clusters.

func GetDefaultPlacementConfiguration ¶ added in v0.42.3

func GetDefaultPlacementConfiguration() cnao.PlacementConfiguration

func IsChangeSafe ¶

func IsChangeSafe(prev, next *cnao.NetworkAddonsConfigSpec) error

IsChangeSafe checks to see if the change between prev and next are allowed FillDefaults and Validate should have been called.

func OCPTLSProfileCiphersToGoCipherNames ¶ added in v0.102.0

func OCPTLSProfileCiphersToGoCipherNames(openSSLCiphers []string) []string

OCPTLSProfileCiphersToGoCipherNames converts OpenSSL-format cipher names used in OpenShift TLS profiles to Go crypto/tls constant names. TLs 1.3 cipher names are not included in the result. Go's cipher suite names are resolved from the runtime via tls.CipherSuites and tls.InsecureCipherSuites.

func Render ¶

func Render(conf *cnao.NetworkAddonsConfigSpec, manifestDir string, openshiftNetworkConfig *osv1.Network, clusterInfo *ClusterInfo) ([]*unstructured.Unstructured, error)

Render creates a list of components to be created

func RenderKubevirtIPAMController ¶ added in v0.102.0

func RenderKubevirtIPAMController(conf *cnao.NetworkAddonsConfigSpec, manifestDir string, clusterInfo *ClusterInfo) ([]*unstructured.Unstructured, error)

RenderKubevirtIPAMController generates the manifests of kubevirt-ipam-controller

func RenderNetworkPolicy ¶ added in v0.101.1

func RenderNetworkPolicy(manifestDir string, info ClusterInfo) ([]*unstructured.Unstructured, error)

func RenderObjsToRemove ¶ added in v0.41.0

func RenderObjsToRemove(scheme *runtime.Scheme, prev, conf *cnao.NetworkAddonsConfigSpec, manifestDir string, openshiftNetworkConfig *osv1.Network, clusterInfo *ClusterInfo) ([]*unstructured.Unstructured, error)

RenderObjsToRemove creates list of components to be removed

func SelectCipherSuitesAndMinTLSVersion ¶ added in v0.71.0

func SelectCipherSuitesAndMinTLSVersion(profile *ocpv1.TLSSecurityProfile) ([]string, ocpv1.TLSProtocolVersion)

func SpecialCleanUp ¶ added in v0.41.0

func SpecialCleanUp(conf *cnao.NetworkAddonsConfigSpec, client k8sclient.Client, clusterInfo *ClusterInfo) error

SpecialCleanUp checks if there are any specific outdated objects or ones that are no longer compatible and deletes them.

func TLSMinVersionID ¶ added in v0.102.0

func TLSMinVersionID(version ocpv1.TLSProtocolVersion) uint16

TLSMinVersionID converts an OpenShift TLSProtocolVersion to the crypto/tls uint16 constant suitable for tls.Config.MinVersion. An unrecognized version returns 0, which causes crypto/tls to use its default minimum (currently TLS 1.2).

func Validate ¶

func Validate(conf *cnao.NetworkAddonsConfigSpec, openshiftNetworkConfig *osv1.Network) error

Validate checks that the supplied configuration is reasonable. This should be called after Canonicalize