Documentation
Index
- func EnsureCASecretForCluster(ctx context.Context, c ctrlclient.Client, cluster *clusterv1.Cluster) error
- func EnsureRegistryAddonRootCASecret(ctx context.Context, c ctrlclient.Client) error
- func EnsureRegistryServerCertificateSecretOnRemoteCluster(ctx context.Context, c ctrlclient.Client, cluster *clusterv1.Cluster, ...) error
- func ServiceIPForCluster(cluster *clusterv1.Cluster) (string, error)
- type CertificateSpec
- type EnsureCertificateOpts
- type RegistryMetadata
Functions
func EnsureCASecretForCluster
func EnsureCASecretForCluster(
	ctx context.Context,
	c ctrlclient.Client,
	cluster *clusterv1.Cluster,
) error
EnsureCASecretForCluster ensures that the registry addon CA secret exists for the given cluster. It copies the ca.crt value from the global CA secret to a unique secret in the cluster's namespace.
func EnsureRegistryAddonRootCASecret (added in v0.30.0)
func EnsureRegistryAddonRootCASecret(
	ctx context.Context,
	c ctrlclient.Client,
) error
EnsureRegistryAddonRootCASecret ensures that the registry addon root CA secret exists. This Secret is used to sign the registry TLS certificates for the remote clusters.
func EnsureRegistryServerCertificateSecretOnRemoteCluster
func EnsureRegistryServerCertificateSecretOnRemoteCluster(
	ctx context.Context,
	c ctrlclient.Client,
	cluster *clusterv1.Cluster,
	opts *EnsureCertificateOpts,
) error
EnsureRegistryServerCertificateSecretOnRemoteCluster ensures that a registry TLS certificate is signed by the global CA and is created as a Secret on the remote cluster.
The high-level flow is as follows:
1. Create a new TLS certificate and sign it with the global CA.
2. Copy the TLS certificate secret to the remote cluster to be used by the registry Pods.
Intentionally not using cert-manager to create the certificate, as we want to avoid automatic renewal and instead recreate the certificate each time with a new expiration date.
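Step 1 of the flow above, sketched with Go's standard library as an added example; it is not this package's implementation. `issue` and `verify` are hypothetical helpers whose parameters mirror the `CertificateSpec` fields, and the CA, host name and IP address are constructed sample values.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue makes a key pair and certificate: a self-signed CA when parent is nil, else a server leaf signed by parent.
func issue(cn string, dns []string, ips []net.IP, valid time.Duration, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // fresh random serial per issuance
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: dns, IPAddresses: ips,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(valid), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if parent == nil { // constructed stand-in for the root CA: may sign certificates only
		tmpl.IsCA, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verify checks, as a client trusting only ca would, that leaf chains to ca and covers host (DNS name or IP).
func verify(ca, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() { // constructed sample values; error handling elided in this demo entry point only
	ca, caKey, _ := issue("constructed-root-ca", nil, nil, 24*time.Hour, nil, nil)
	leaf, _, _ := issue("registry", []string{"registry.example.internal"}, []net.IP{net.ParseIP("10.96.0.20")}, time.Hour, ca, caKey)
	println(verify(ca, leaf, "10.96.0.20") == nil, verify(ca, leaf, "other.example.internal") == nil)
}
```

Calling `issue` again with the same inputs yields a new key, serial and expiry, which is the recreate-instead-of-renew behaviour described above.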
Types
type CertificateSpec
type CertificateSpec struct {
	// CommonName is the common name to be included in the certificate.
	CommonName string
	// DNSNames is a list of DNS names to be included in the certificate.
	DNSNames []string
	// IPAddresses is a list of IP addresses to be included in the certificate.
	IPAddresses []string
	// Duration is the duration for which the certificate is valid.
	Duration time.Duration
}
type EnsureCertificateOpts
type EnsureCertificateOpts struct {
	// RemoteSecretKey is the name and namespace of the TLS secret to be created on the remote cluster.
	RemoteSecretKey ctrlclient.ObjectKey
	Spec CertificateSpec
}
type RegistryMetadata (added in v0.31.0)
type RegistryMetadata struct {
	HelmReleaseName string
	HelmReleaseNamespace string
	Replicas int32
	Namespace string
	AnyPodName string
	ServiceName string
	HeadlessServiceName string
	ServiceIP string
	ServicePort int32
	HeadlessServicePort int32
	// AddressFromClusterNetwork is the FQDN of the registry service as seen from the cluster network.
	AddressFromClusterNetwork string
	TLSSecretName string
	// CASecretName is the name of the Secret on the management cluster that contains the CA certificate.
	CASecretName string
	CertificateDNSNames []string
	CertificateIPAddresses []string
}
func GetRegistryMetadata (added in v0.31.0)
func GetRegistryMetadata(cluster *clusterv1.Cluster) (*RegistryMetadata, error)
GetRegistryMetadata returns the registry metadata for a given cluster based on the addon provider.