Documentation
Index ¶
- Constants
- Variables
- func GetClientsetFromClusterConfig(config *rest.Config) (*kubernetes.Clientset, error)
- func GetClusterClientConfig() (*rest.Config, error)
- func GetClusterClientset() (*kubernetes.Clientset, error)
- func GetRESTClient() (*rest.RESTClient, error)
- type FileModType
- type KeyAdvertisingType
- type KeyObtainInfo
- type KeyRotateInfo
- type SHAType
- type TangServerReconciler
- func (r *TangServerReconciler) CreateNewKeysIfNecessary(k KeyObtainInfo, log logr.Logger) bool
- func (r *TangServerReconciler) KeyRotate(keyinfo KeyObtainInfo, log logr.Logger) bool
- func (r *TangServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *TangServerReconciler) SetupWithManager(mgr ctrl.Manager) error
- func (r *TangServerReconciler) UpdateKeys(k KeyObtainInfo, log logr.Logger)
Constants ¶
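// Defaults for the Deployment. The listing had this block collapsed onto a
// single line, which does not parse as Go; one spec per line restores it.
const (
	// DEFAULT_DEPLOYMENT_PREFIX is presumably prepended to the generated
	// Deployment name — confirm against the code that builds the name.
	DEFAULT_DEPLOYMENT_PREFIX = "tangdeployment-"
	// DEFAULT_REPLICA_AMOUNT is the replica count used by default.
	DEFAULT_REPLICA_AMOUNT = 1
	// DEFAULT_DEPLOYMENT_TYPE is the string "Deployment"; presumably the
	// Kubernetes kind of the generated object — confirm.
	DEFAULT_DEPLOYMENT_TYPE = "Deployment"
)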
Defaults for the Tang Deployment: name prefix, replica count and kind.
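// Defaults for the Service. The listing had this block collapsed onto a
// single line, which does not parse as Go; one spec per line restores it.
const (
	// DEFAULT_SERVICE_PORT is the port number used by default for the Service.
	DEFAULT_SERVICE_PORT = 7500
	// DEFAULT_SERVICE_TYPE is the string "Service"; presumably the Kubernetes
	// kind of the generated object — confirm.
	DEFAULT_SERVICE_TYPE = "Service"
	// DEFAULT_API_VERSION is the string "v1"; presumably the apiVersion of the
	// generated object — confirm.
	DEFAULT_API_VERSION = "v1"
	// DEFAULT_SERVICE_PREFIX is presumably prepended to the generated Service
	// name — confirm against the code that builds the name.
	DEFAULT_SERVICE_PREFIX = "service-"
	// DEFAULT_SERVICE_PROTO is the URL scheme used by default.
	// NOTE(review): the default is plain "http" and no TLS-related default
	// appears among these constants; where transport encryption is required it
	// has to be provided elsewhere — confirm how the service is exposed.
	DEFAULT_SERVICE_PROTO = "http"
)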
Defaults for the Tang Service: port, kind, API version, name prefix and protocol.
// Container image defaults.
const (
	// DEFAULT_APP_IMAGE is the image repository used by default.
	DEFAULT_APP_IMAGE = "registry.redhat.io/rhel8/tang"
	// DEFAULT_APP_VERSION is the image tag used by default.
	// NOTE(review): "latest" is a floating tag, so a deployment that relies on
	// this default is not pinned to one image build and can change between
	// pulls; prefer an explicit version or digest where the spec allows one.
	DEFAULT_APP_VERSION = "latest"
)

// File-system defaults; presumably paths inside the Tang container — confirm.
const (
	// DEFAULT_DEPLOYMENT_HEALTH_CHECK is the health-check executable path.
	DEFAULT_DEPLOYMENT_HEALTH_CHECK = "/usr/bin/tangd-health-check"
	// DEFAULT_DEPLOYMENT_KEY_PATH is the default key directory.
	DEFAULT_DEPLOYMENT_KEY_PATH = "/var/db/tang"
)

// DEFAULT_POD_RUNNING_PORT is the default port number for the pod.
const DEFAULT_POD_RUNNING_PORT = 8080

// Liveness timing defaults; the names indicate values in seconds.
const (
	DEFAULT_LIVENESS_INITIALDELAYSECONDS = 27
	DEFAULT_LIVENESS_PERIOD_SECONDS      = 16
	DEFAULT_LIVENESS_TIMEOUT_SECONDS     = 5
)

// Readiness timing defaults; the names indicate values in seconds.
const (
	DEFAULT_READY_INITIALDELAYSECONDS = 5
	DEFAULT_READY_PERIOD_SECONDS      = 15
	DEFAULT_READY_TIMEOUT_SECONDS     = 5
)

// DEFAULT_RECONCILE_TIMER_NO_ACTIVE_KEYS is the recheck timer used when no
// active keys are found.
const DEFAULT_RECONCILE_TIMER_NO_ACTIVE_KEYS = 5 // seconds
Default interval, in seconds, before keys are rechecked when no active keys exist
// Default object names for a TangServer and the resources named after it.
const (
	// DEFAULT_TANGSERVER_NAME is the default TangServer name.
	DEFAULT_TANGSERVER_NAME = "tangserver"
	// DEFAULT_TANGSERVER_PVC_NAME is the default name of the persistent
	// volume claim, going by the identifier — confirm against its use.
	DEFAULT_TANGSERVER_PVC_NAME = "tangserver-pvc"
	// DEFAULT_TANGSERVER_SECRET is the default secret name, going by the
	// identifier; what the secret holds is not shown in this listing.
	DEFAULT_TANGSERVER_SECRET = "tangserversecret"
)

// DEFAULT_TANG_FINALIZER is the finalizer string for the Tang server.
const DEFAULT_TANG_FINALIZER = "finalizer.daemons.tangserver.redhat.com"
Finalizer for tang server
Variables ¶
// FORBIDDEN_PATH_MAP maps the entry names ".", ".." and "lost+found" to the
// marker string "FORBIDDEN". How callers consult it is not visible in this
// listing; presumably these entries are skipped when the key directory is
// read — confirm.
//
// NOTE(review): this is an exact-name deny-list. A lookup here does not by
// itself reject names that contain path separators or other relative
// components, so it should not be treated as a general path-traversal check.
var FORBIDDEN_PATH_MAP = map[string]string{
	"lost+found": "FORBIDDEN",
	"..":         "FORBIDDEN",
	".":          "FORBIDDEN",
}
Functions ¶
func GetClientsetFromClusterConfig ¶
func GetClientsetFromClusterConfig(config *rest.Config) (*kubernetes.Clientset, error)
GetClientsetFromClusterConfig takes a REST config, creates a clientset from it, and returns that clientset.
func GetClusterClientConfig ¶
GetClusterClientConfig first tries to get a config object that uses the service account Kubernetes gives to pods, which applies when it is called from a process running in a Kubernetes environment. Otherwise, it tries to build the config from a default kubeconfig file path; if that fails, it falls back to the default config. Once it has the config, it returns it. Whichever source is used, a client built from this config acts with the permissions of that identity.
func GetClusterClientset ¶
func GetClusterClientset() (*kubernetes.Clientset, error)
GetClusterClientset first tries to get a config object that uses the service account Kubernetes gives to pods, which applies when it is called from a process running in a Kubernetes environment. Otherwise, it tries to build the config from a default kubeconfig file path; if that fails, it falls back to the default config. Once it has the config, it creates a new Clientset for that config and returns the clientset.
func GetRESTClient ¶
func GetRESTClient() (*rest.RESTClient, error)
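GetRESTClient first tries to get a config object that uses the service account Kubernetes gives to pods, which applies when it is called from a process running in a Kubernetes environment. Otherwise, it tries to build the config from a default kubeconfig file path; if that fails, it falls back to the default config. Once it has the config, it returns a REST client for it (the original sentence is cut off at this point; the signature shows a *rest.RESTClient and an error being returned).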
Types ¶
type FileModType ¶
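// FileModType enumerates kinds of file modification as a uint8.
type FileModType uint8

// FileModType values. The listing had this block collapsed onto a single
// line, which does not parse as Go; one spec per line restores the iota
// sequence. The zero value is UNKNOWN_MOD.
const (
	UNKNOWN_MOD FileModType = iota
	CREATION
	MODIFICATION
)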
type KeyAdvertisingType ¶
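// KeyAdvertisingType selects a set of keys by advertising state, as a uint8.
type KeyAdvertisingType uint8

// KeyAdvertisingType values. The listing had this block collapsed onto a
// single line, which does not parse as Go; one spec per line restores the
// iota sequence. The zero value is UNKNOWN_ADVERTISED.
const (
	UNKNOWN_ADVERTISED KeyAdvertisingType = iota
	ALL_KEYS
	ONLY_ADVERTISED
	ONLY_UNADVERTISED
)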
type KeyObtainInfo ¶
// KeyObtainInfo groups the values handed to the reconciler's key methods:
// CreateNewKeysIfNecessary, KeyRotate and UpdateKeys each take one by value.
type KeyObtainInfo struct {
// PodName is a pod name; presumably the Tang pod whose keys are handled — confirm against callers.
PodName string
// Namespace is a namespace name; presumably the namespace of that pod — confirm.
Namespace string
// DbPath is a path; presumably the key directory inside the pod
// (compare DEFAULT_DEPLOYMENT_KEY_PATH) — confirm.
DbPath string
// TangServer points to the TangServer custom resource this information belongs to.
TangServer *daemonsv1alpha1.TangServer
}
type KeyRotateInfo ¶
// KeyRotateInfo pairs a KeyObtainInfo with the name of one key file.
type KeyRotateInfo struct {
// KeyInfo points to the pod/namespace/path details for the key.
KeyInfo *KeyObtainInfo
// KeyFileName is a file name; presumably a key file under KeyInfo.DbPath — confirm.
// NOTE(review): if this name can originate from the TangServer spec, callers
// should reject names containing path separators; FORBIDDEN_PATH_MAP only
// matches ".", ".." and "lost+found" exactly.
KeyFileName string
}
type TangServerReconciler ¶
// TangServerReconciler holds the dependencies used by the TangServer
// reconcile and key-handling methods.
type TangServerReconciler struct {
// Embedded, so the client.Client methods are promoted onto the reconciler.
// NOTE(review): requests made through this client run under the controller's
// own identity; what it may touch is bounded by the RBAC granted to that
// identity, which is only partly visible in this listing.
client.Client
// Scheme is a *runtime.Scheme; how it is used is not visible in this listing.
Scheme *runtime.Scheme
// Recorder is a record.EventRecorder; presumably used to emit events about
// TangServer objects — confirm.
Recorder record.EventRecorder
}
TangServerReconciler reconciles a TangServer object
func (*TangServerReconciler) CreateNewKeysIfNecessary ¶
func (r *TangServerReconciler) CreateNewKeysIfNecessary(k KeyObtainInfo, log logr.Logger) bool
CreateNewKeysIfNecessary creates new keys if the spec mandates it.
func (*TangServerReconciler) KeyRotate ¶
func (r *TangServerReconciler) KeyRotate(keyinfo KeyObtainInfo, log logr.Logger) bool
KeyRotate rotates keys if the user requests it in the spec.
func (*TangServerReconciler) Reconcile ¶
func (r *TangServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO(user): Modify the Reconcile function to compare the state specified by the TangServer object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user.
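For more details, check Reconcile and its Result here: https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.8.3/pkg/reconcile

The following kubebuilder RBAC markers sit in the same comment and were rendered as part of this text:

+kubebuilder:rbac:groups=apps.redhat,resources=tangservers,verbs=get;list;watch;create;update;patch;delete
+kubebuilder:rbac:groups=apps.redhat,resources=tangservers/status,verbs=get;update;patch

Only the rules for tangservers and tangservers/status appear here; rules for any other resources the controller manages are not shown on this page. The API group in these markers (apps.redhat) differs from the domain used in DEFAULT_TANG_FINALIZER (daemons.tangserver.redhat.com), so it is worth confirming that the markers name the group the TangServer resource is actually served under.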
func (*TangServerReconciler) SetupWithManager ¶
func (r *TangServerReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
func (*TangServerReconciler) UpdateKeys ¶
func (r *TangServerReconciler) UpdateKeys(k KeyObtainInfo, log logr.Logger)
UpdateKeys updates keys in the CR status