agent

package

v1.4.1 Latest Latest Go to latest Published: Sep 6, 2022 License: Apache-2.0 Imports: 34 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/spiffe/spire

Links

Open Source Insights

Documentation ¶

Index ¶

type Agent
- func New(c *Config) *Agent
- func (a *Agent) CheckHealth() health.State
- func (a *Agent) Run(ctx context.Context) error
type Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Agent ¶

type Agent struct {
	// contains filtered or unexported fields
}

func New ¶

func New(c *Config) *Agent

func (*Agent) CheckHealth ¶ added in v1.0.0

func (a *Agent) CheckHealth() health.State

CheckHealth is used as a top-level health check for the agent.

func (*Agent) Run ¶

func (a *Agent) Run(ctx context.Context) error

Run the agent This method initializes the agent, including its plugins, and then blocks on the main event loop.

type Config ¶

type Config struct {
	// Address to bind the workload api to
	BindAddress net.Addr

	// Directory to store runtime data
	DataDir string

	// Directory to bind the admin api to
	AdminBindAddress net.Addr

	// The Validation Context resource name to use when fetching X.509 bundle together with federated bundles with Envoy SDS
	DefaultAllBundlesName string

	// The Validation Context resource name to use for the default X.509 bundle with Envoy SDS
	DefaultBundleName string

	// Disable custom Envoy SDS validator
	DisableSPIFFECertValidation bool

	// The TLS Certificate resource name to use for the default X509-SVID with Envoy SDS
	DefaultSVIDName string

	// If true, the agent will bootstrap insecurely with the server
	InsecureBootstrap bool

	// HealthChecks provides the configuration for health monitoring
	HealthChecks health.Config

	// Configurations for agent plugins
	PluginConfigs catalog.HCLPluginConfigMap

	Log logrus.FieldLogger

	// LogReopener facilitates handling a signal to rotate log file.
	LogReopener func(context.Context) error

	// Address of SPIRE server
	ServerAddress string

	// SVID key type
	WorkloadKeyType workloadkey.KeyType

	// SyncInterval controls how often the agent sync synchronizer waits
	SyncInterval time.Duration

	// Trust domain and associated CA bundle
	TrustDomain spiffeid.TrustDomain
	TrustBundle []*x509.Certificate

	// Join token to use for attestation, if needed
	JoinToken string

	// If true enables profiling.
	ProfilingEnabled bool

	// Port used by the pprof web server when ProfilingEnabled == true
	ProfilingPort int

	// Frequency in seconds by which each profile file will be generated.
	ProfilingFreq int

	// Array of profiles names that will be generated on each profiling tick.
	ProfilingNames []string

	// Telemetry provides the configuration for metrics exporting
	Telemetry telemetry.FileConfig

	AllowUnauthenticatedVerifiers bool

	// List of allowed claims response when calling ValidateJWTSVID using a foreign identity
	AllowedForeignJWTClaims []string

	AuthorizedDelegates []string
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
api
debug/v1
delegatedidentity/v1
health/v1
rpccontext
attestor
node
workload
catalog
client
common
backoff
cgroups
endpoints
sdsv2
sdsv3
workload
manager
cache
storecache
plugin
keymanager
keymanager/base
keymanager/disk
keymanager/memory
keymanager/test
nodeattestor
nodeattestor/awsiid
nodeattestor/azuremsi
nodeattestor/gcpiit
nodeattestor/jointoken
nodeattestor/k8spsat
nodeattestor/k8ssat
nodeattestor/sshpop
nodeattestor/test
nodeattestor/tpmdevid
nodeattestor/tpmdevid/tpmutil
nodeattestor/x509pop
svidstore
svidstore/awssecretsmanager
svidstore/gcpsecretmanager
workloadattestor
workloadattestor/docker
workloadattestor/docker/cgroup
workloadattestor/k8s
workloadattestor/unix
workloadattestor/windows
storage
svid
store
workloadkey

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL