coordinate

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2026 License: Apache-2.0 Imports: 78 Imported by: 0

Documentation

Index

Constants

// DefaultProjectOwner is the default project owner identity.
// NOTE(review): where this identity is applied is not visible on this page.
const DefaultProjectOwner = "miren.system@miren.dev"

// DefaultCloudURL is the default miren.cloud API endpoint (the default that
// CloudAuthConfig.CloudURL documents). The literal uses the https scheme.
const DefaultCloudURL = "https://api.miren.cloud"

Variables

This section is empty.

Functions

This section is empty.

Types

type CloudAuthConfig

// CloudAuthConfig contains cloud authentication settings.
//
// PrivateKey is documented as a filesystem path, not key material, so
// marshalling this struct discloses where the service account key is stored
// rather than the key itself.
//
// NOTE(review): whether the code that consumes this config checks the key
// file's permissions, or requires CloudURL to use https, is not visible
// here — confirm. Tags feed RBAC evaluation per the field comment, so they
// presumably must originate from the registration flow and not from
// user-editable input; verify against the caller.
type CloudAuthConfig struct {
	Enabled     bool              `json:"enabled" yaml:"enabled"`
	CloudURL    string            `json:"cloud_url" yaml:"cloud_url"`       // URL of miren.cloud (default: https://api.miren.cloud)
	PrivateKey  string            `json:"private_key" yaml:"private_key"`   // Required: Path to service account private key when enabled
	Tags        map[string]string `json:"tags" yaml:"tags"`                 // Tags from registration for RBAC evaluation
	ClusterID   string            `json:"cluster_id" yaml:"cluster_id"`     // Cluster ID for status reporting
	DNSHostname string            `json:"dns_hostname" yaml:"dns_hostname"` // Cloud-provisioned DNS hostname for the cluster
}

CloudAuthConfig contains cloud authentication settings

type Coordinator

// Coordinator embeds CoordinatorConfig, so every exported configuration field
// (including NoAuth, CloudAuth and EtcdTLS) is promoted and can be read or
// written directly on a Coordinator value.
type Coordinator struct {
	CoordinatorConfig

	// Log is the coordinator's structured logger.
	// NOTE(review): presumably the logger passed to NewCoordinator — confirm.
	Log *slog.Logger
	// contains filtered or unexported fields
}

func NewCoordinator

func NewCoordinator(log *slog.Logger, cfg CoordinatorConfig) *Coordinator

func (*Coordinator) Activator

func (c *Coordinator) Activator() activator.AppActivator

func (*Coordinator) AutocertReadySignal added in v0.6.0

func (c *Coordinator) AutocertReadySignal() func()

AutocertReadySignal returns a function that signals the autocert controller that the port-80 ACME challenge server is ready. It returns nil when the DNS-01 path is used (which doesn't need port 80), so callers must check the result for nil before calling it.

func (*Coordinator) CertificateProvider

func (c *Coordinator) CertificateProvider() autotls.CertificateProvider

CertificateProvider returns the certificate provider for use by autotls.

func (*Coordinator) HttpIngress added in v0.3.1

func (c *Coordinator) HttpIngress() *httpingress.Server

func (*Coordinator) IssueCertificate

func (c *Coordinator) IssueCertificate(name string) (*caauth.ClientCertificate, error)

func (*Coordinator) ListenAddress

func (c *Coordinator) ListenAddress() string

func (*Coordinator) LoadAPICert

func (c *Coordinator) LoadAPICert(ctx context.Context) error

func (*Coordinator) LoadCA

func (c *Coordinator) LoadCA(ctx context.Context) error

func (*Coordinator) LocalConfig

func (c *Coordinator) LocalConfig() (*clientconfig.Config, error)

func (*Coordinator) NamedConfig

func (c *Coordinator) NamedConfig(name string) (*clientconfig.Config, error)

func (*Coordinator) PublicIPs added in v0.7.0

func (c *Coordinator) PublicIPs() []net.IP

PublicIPs returns the cluster's known public IP addresses from netcheck, falling back to user-provided AdditionalIPs and auto-discovered IPs (filtered to global unicast, non-private) if netcheck hasn't run yet.

func (*Coordinator) ReportStartupStatus

func (c *Coordinator) ReportStartupStatus(ctx context.Context) error

ReportStartupStatus reports the current cluster status to miren.cloud. How it differs from ReportStatus is not documented here.

func (*Coordinator) ReportStatus

func (c *Coordinator) ReportStatus(ctx context.Context) error

ReportStatus reports the current cluster status to miren.cloud

func (*Coordinator) RunnerConfig added in v0.2.0

func (c *Coordinator) RunnerConfig(listenAddress string) (*clientconfig.Config, error)

RunnerConfig returns a client config for a runner service with proper TLS certificate SANs. The certificate will be valid for localhost and the runner's listen address.

func (*Coordinator) SandboxPoolManager

func (c *Coordinator) SandboxPoolManager() *sandboxpool.Manager

func (*Coordinator) Server

func (c *Coordinator) Server() *rpc.Server

func (*Coordinator) ServiceConfig

func (c *Coordinator) ServiceConfig() (*clientconfig.Config, error)

func (*Coordinator) Start

func (c *Coordinator) Start(ctx context.Context) error

func (*Coordinator) Stop

func (c *Coordinator) Stop()

Stop stops the coordinator and all managed controllers

type CoordinatorConfig

// CoordinatorConfig is the configuration passed to NewCoordinator and
// embedded in Coordinator.
//
// Fields with json/yaml tags can be populated by decoding a config document
// into this struct; the untagged fields below them are runtime components
// and settings.
type CoordinatorConfig struct {
	Address         string              `json:"address" yaml:"address"`
	EtcdEndpoints   []string            `json:"etcd_endpoints" yaml:"etcd_endpoints"`
	Prefix          string              `json:"prefix" yaml:"prefix"`
	NetworkBackend  string              `json:"network_backend" yaml:"network_backend"`
	Resolver        netresolve.Resolver `json:"resolver" yaml:"resolver"`
	TempDir         string              `json:"temp_dir" yaml:"temp_dir"`
	DataPath        string              `json:"data_path" yaml:"data_path"`
	AdditionalNames []string            `json:"additional_names" yaml:"additional_names"`
	AdditionalIPs   []net.IP            `json:"additional_ips" yaml:"additional_ips"`
	DiscoveredIPs   []net.IP            `json:"discovered_ips" yaml:"discovered_ips"`

	// ACME certificate configuration
	AcmeEmail       string `json:"acme_email" yaml:"acme_email"`
	AcmeDNSProvider string `json:"acme_dns_provider" yaml:"acme_dns_provider"`

	// Cloud authentication configuration
	CloudAuth CloudAuthConfig `json:"cloud_auth" yaml:"cloud_auth"`

	// NoAuth disables authentication entirely (for testing only)
	// NOTE(review): the field carries json/yaml tags (no_auth), so a config
	// document decoded into this struct can switch authentication off.
	// Whether startup rejects or warns about this outside of tests is not
	// visible here — confirm.
	NoAuth bool `json:"no_auth" yaml:"no_auth"`

	// EtcdTLS holds mTLS configuration for etcd connections (optional).
	// When set, the coordinator will use mTLS to connect to etcd.
	// NOTE(review): when nil, the etcd connection is presumably made without
	// mTLS — confirm. EtcdTLSConfig's fields are exported and untagged, so
	// encoding/json would emit KeyPEM (base64) if a populated config were
	// marshalled; avoid serializing a config that has this set.
	EtcdTLS *EtcdTLSConfig `json:"etcd_tls" yaml:"etcd_tls"`

	Mem       *metrics.MemoryUsage
	Cpu       *metrics.CPUUsage
	HTTP      *metrics.HTTPMetrics
	Logs      *observability.LogReader
	LogWriter observability.LogWriter

	// Observability addresses for distributed runners
	VictoriametricsAddress string
	VictorialogsAddress    string

	// BuildKit is the persistent BuildKit component for container image builds
	BuildKit *buildkit.Component

	// HTTPRequestTimeout is the timeout for HTTP requests to app sandboxes
	HTTPRequestTimeout time.Duration
}

type EtcdTLSConfig added in v0.4.0

// EtcdTLSConfig holds TLS configuration for connecting to etcd with mTLS.
//
// KeyPEM is private key material held in memory. The fields are exported and
// carry no struct tags, so encoding/json would write them out (base64) under
// their Go field names; keep values of this type out of serialized config
// and diagnostic dumps.
type EtcdTLSConfig struct {
	CertPEM []byte // Client certificate PEM
	KeyPEM  []byte // Client private key PEM
	CACert  []byte // CA certificate PEM for verifying server
}

EtcdTLSConfig holds TLS configuration for connecting to etcd with mTLS.

type EtcdTLSSetupResult added in v0.4.0

// EtcdTLSSetupResult contains the results of setting up etcd TLS.
//
// It exposes client credentials both in memory (ClientTLS) and as file paths
// (ClientCertFile, ClientKeyFile, CAFile).
// NOTE(review): presumably both forms refer to the same material — confirm.
// The file modes of server.key and the client key are not visible here;
// confirm they are readable only by the service user.
type EtcdTLSSetupResult struct {
	// CertsDir is the directory containing etcd server certs (ca.crt, server.crt, server.key)
	CertsDir string
	// ClientTLS is the TLS config for clients connecting to etcd
	ClientTLS *EtcdTLSConfig
	// ClientCertFile is the path to the client certificate on disk
	ClientCertFile string
	// ClientKeyFile is the path to the client private key on disk
	ClientKeyFile string
	// CAFile is the path to the CA certificate on disk
	CAFile string
}

EtcdTLSSetupResult contains the results of setting up etcd TLS.

func SetupEtcdTLS added in v0.4.0

func SetupEtcdTLS(log *slog.Logger, dataPath string, extraDNSNames []string, extraIPs []net.IP) (*EtcdTLSSetupResult, error)

SetupEtcdTLS loads the existing CA and ensures valid etcd mTLS certificates. Existing certificates are reused if their SANs match and they aren't near expiry; otherwise they are regenerated. The dataPath should be the same path used for CoordinatorConfig.DataPath. The CA must already exist (created by the coordinator's LoadCA). Additional DNS names and IPs are included in the server certificate SANs so that distributed runners can connect to etcd over the network.
