bootstrap

package
v1.6.2

This package is not in the latest version of its module.

Published: Jan 26, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package bootstrap orchestrates the TLS bootstrap ceremony with Raft-based leader election. This package coordinates single-node vs multi-node detection, Raft election, and leadership stability checking before CA generation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BootstrapManager

type BootstrapManager struct {
	// contains filtered or unexported fields
}

BootstrapManager orchestrates the TLS bootstrap ceremony. It handles both single-node and multi-node deployment scenarios, running Raft leader election for multi-node to prevent split-brain CA generation.

The unified bootstrap flow detects if any peer is already bootstrapped (via RPCGetStatus) and either joins the existing cluster (PATH A - late joiner) or forms a new cluster via Raft election (PATH B - fresh bootstrap).

func NewBootstrapManager

func NewBootstrapManager(nodeID string, bindAddr string, bootstrapToken token.SecureToken,
	discoveryResult *discovery.DiscoveryResult, customSANs []string, certDir string, logger logr.Logger) (*BootstrapManager, error)

NewBootstrapManager creates a new bootstrap ceremony manager. Parameters:

  • nodeID: Unique identifier for this node (hostname or configured ID)
  • bindAddr: Raft listener address (e.g., "0.0.0.0:7000")
  • bootstrapToken: Pre-shared key for Raft encryption
  • discoveryResult: Result from Phase 14 peer discovery
  • customSANs: Additional Subject Alternative Names for certificates
  • certDir: Certificate storage directory (e.g., "/var/lib/neuwerk/certs")
  • logger: Structured logger for bootstrap events

func (*BootstrapManager) DistributeJWTKey

func (b *BootstrapManager) DistributeJWTKey(ctx context.Context, js jetstream.JetStream) error

DistributeJWTKey distributes the JWT signing key via NATS KV after NATS initialization. Called by the controller after NATS store is created (leader only).

func (*BootstrapManager) GetCAManager

func (b *BootstrapManager) GetCAManager() *ca.Manager

GetCAManager returns the CA manager instance (may be nil if not yet created). Used by controller to access generated CAs for certificate issuance.

func (*BootstrapManager) GetPSKTransport added in v1.6.1

func (b *BootstrapManager) GetPSKTransport() *raft.PSKTransport

GetPSKTransport returns the PSK transport instance. The transport is kept running for late joiner support after bootstrap.

func (*BootstrapManager) IsLeader

func (b *BootstrapManager) IsLeader() bool

IsLeader returns true if this node is the bootstrap leader. Phase 16 CA manager checks this to decide whether to generate or wait for CA.

func (*BootstrapManager) RetrieveJWTKey

func (b *BootstrapManager) RetrieveJWTKey(ctx context.Context, js jetstream.JetStream) error

RetrieveJWTKey retrieves the JWT signing key from NATS KV after NATS initialization. Called by the controller after NATS store is created (follower only).

func (*BootstrapManager) Run

func (b *BootstrapManager) Run(ctx context.Context) error

Run executes the bootstrap ceremony and determines leadership. Flow:

  1. Check if CA already exists (skip bootstrap if yes)
  2. Single-node: Skip Raft, self-elect as leader
  3. Multi-node: Run Raft election, wait for stability if leader

Returns nil on success, error if bootstrap fails. Context should have sufficient timeout (60+ seconds for full ceremony).

func (*BootstrapManager) Shutdown

func (b *BootstrapManager) Shutdown() error

Shutdown gracefully stops the bootstrap manager. If Raft was started, it shuts Raft down without leaving the cluster.

func (*BootstrapManager) WasLateJoiner added in v1.6.1

func (b *BootstrapManager) WasLateJoiner() bool

WasLateJoiner returns true if this node joined via PATH A (late joiner flow). Used by controller to decide whether to store CA keys to NATS KV.
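As an added example (not code from this package), the controller-side sequence the method docs above describe: Run under a generous deadline, then DistributeJWTKey on the leader or RetrieveJWTKey on a follower, only once the NATS store exists. The `bootstrapper` interface and `fakeManager` are hypothetical stand-ins for BootstrapManager so the example runs offline, and `js any` stands in for the jetstream.JetStream handle.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// bootstrapper mirrors the BootstrapManager methods on this page; it is a hypothetical
// interface so the example runs without the real package (js stands in for jetstream.JetStream).
type bootstrapper interface {
	Run(ctx context.Context) error
	IsLeader() bool
	WasLateJoiner() bool
	DistributeJWTKey(ctx context.Context, js any) error
	RetrieveJWTKey(ctx context.Context, js any) error
}

// afterBootstrap runs the ceremony under the 60s+ budget the docs call for, then does the
// role-specific JWT key step: DistributeJWTKey on the leader, RetrieveJWTKey on a follower.
// js is the NATS store the controller created after Run returned, so a missing store is
// refused. The late-joiner flag is returned for the controller's CA-key storage decision.
func afterBootstrap(ctx context.Context, b bootstrapper, js any) (string, bool, error) {
	runCtx, cancel := context.WithTimeout(ctx, 120*time.Second)
	defer cancel()
	if err := b.Run(runCtx); err != nil {
		return "", false, fmt.Errorf("bootstrap ceremony: %w", err)
	}
	if js == nil {
		return "", false, fmt.Errorf("NATS store must exist before the JWT key step")
	}
	action, step := "retrieve", b.RetrieveJWTKey // follower only
	if b.IsLeader() {
		action, step = "distribute", b.DistributeJWTKey // leader only
	}
	if err := step(ctx, js); err != nil {
		return "", false, fmt.Errorf("jwt key %s: %w", action, err)
	}
	return action, b.WasLateJoiner(), nil
}

// fakeManager is a constructed stand-in used only to exercise afterBootstrap.
type fakeManager struct{ leader, late bool; runErr error }

func (f fakeManager) Run(context.Context) error                   { return f.runErr }
func (f fakeManager) IsLeader() bool                              { return f.leader }
func (f fakeManager) WasLateJoiner() bool                         { return f.late }
func (f fakeManager) DistributeJWTKey(context.Context, any) error { return nil }
func (f fakeManager) RetrieveJWTKey(context.Context, any) error   { return nil }
```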
