Index ¶
- func IsPodIdentityAgentInstalled(ctx context.Context, eksAPI awsapi.EKS, clusterName string) (bool, error)
- func MakeAddonPodIdentityStackName(clusterName, addonName, serviceAccountName string) string
- func MakeStackName(clusterName, namespace, serviceAccountName string) string
- type APIDeleter
- type APILister
- type APIUpdater
- type AddonCreator
- type AddonMigrator
- type AddonServiceAccountRoleMapper
- type Creator
- type Deleter
- type EKSAddonsAPI
- type Getter
- type IAMRoleCreator
- type IAMRoleGetter
- type IAMRoleUpdater
- type IRSAv1StackNameResolver
- type IRSAv1StackSummary
- type Identifier
- type Migrator
- type PodIdentityMigrationOptions
- type RoleMigrator
- type RoleUpdateValidator
- type StackCreator
- type StackDeleter
- type StackDescriber
- type StackLister
- type StackUpdater
- type Summary
- type UpdateConfig
- type Updater
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsPodIdentityAgentInstalled ¶ added in v0.166.0
func IsPodIdentityAgentInstalled(ctx context.Context, eksAPI awsapi.EKS, clusterName string) (bool, error)
func MakeAddonPodIdentityStackName ¶ added in v0.181.0
func MakeAddonPodIdentityStackName(clusterName, addonName, serviceAccountName string) string
func MakeStackName ¶
func MakeStackName(clusterName, namespace, serviceAccountName string) string
MakeStackName creates a stack name for the pod identity association of the specified service account.
Types ¶
type APIDeleter ¶
// APIDeleter lists and deletes pod identity associations using the EKS API.
// It embeds APILister so one value can both enumerate associations and
// delete them.
type APIDeleter interface {
	APILister
	// DeletePodIdentityAssociation mirrors the EKS DeletePodIdentityAssociation
	// call; params selects the association to delete.
	DeletePodIdentityAssociation(ctx context.Context, params *eks.DeletePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.DeletePodIdentityAssociationOutput, error)
}
APIDeleter lists and deletes pod identity associations using the EKS API.
type APILister ¶
// APILister lists pod identity associations using the EKS API.
// It is the read-only subset shared by APIDeleter and APIUpdater.
type APILister interface {
	// ListPodIdentityAssociations mirrors the EKS ListPodIdentityAssociations call.
	ListPodIdentityAssociations(ctx context.Context, params *eks.ListPodIdentityAssociationsInput, optFns ...func(*eks.Options)) (*eks.ListPodIdentityAssociationsOutput, error)
}
APILister lists pod identity associations using the EKS API.
type APIUpdater ¶
// APIUpdater describes and updates pod identity associations using the EKS
// API. It embeds APILister so callers can locate an association before
// updating it.
type APIUpdater interface {
	APILister
	// DescribePodIdentityAssociation mirrors the EKS DescribePodIdentityAssociation call.
	DescribePodIdentityAssociation(ctx context.Context, params *eks.DescribePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.DescribePodIdentityAssociationOutput, error)
	// UpdatePodIdentityAssociation mirrors the EKS UpdatePodIdentityAssociation
	// call. Updating an association can change which IAM role the service
	// account receives, so callers should validate the new role first
	// (see RoleUpdateValidator).
	UpdatePodIdentityAssociation(ctx context.Context, params *eks.UpdatePodIdentityAssociationInput, optFns ...func(*eks.Options)) (*eks.UpdatePodIdentityAssociationOutput, error)
}
APIUpdater updates pod identity associations using the EKS API.
type AddonCreator ¶ added in v0.166.0
// AddonCreator creates an EKS addon. It is consumed by NewMigrator.
type AddonCreator interface {
	// Create creates addon. waitTimeout bounds how long Create waits —
	// presumably for the addon to become ready; confirm against the
	// implementation.
	Create(ctx context.Context, addon *api.Addon, waitTimeout time.Duration) error
}
type AddonMigrator ¶ added in v0.181.0
// AddonMigrator migrates EKS managed addons using IRSAv1 to EKS Pod Identity.
// The migration rewrites IAM role trust policies via RoleMigrator, so it
// changes which principals may assume the addons' roles.
type AddonMigrator struct {
	// ClusterName is the name of the EKS cluster whose addons are migrated.
	ClusterName string
	// AddonServiceAccountRoleMapper maps service account role ARNs to the
	// addons that use them.
	AddonServiceAccountRoleMapper AddonServiceAccountRoleMapper
	// IAMRoleGetter reads IAM roles (GetRole).
	IAMRoleGetter IAMRoleGetter
	// StackDescriber describes CloudFormation stacks.
	StackDescriber StackDescriber
	// EKSAddonsAPI lists, describes and updates EKS addons.
	EKSAddonsAPI EKSAddonsAPI
	// RoleMigrator produces the tasks that update role trust policies.
	RoleMigrator RoleMigrator
}
AddonMigrator migrates EKS managed addons using IRSAv1 to EKS Pod Identity.
type AddonServiceAccountRoleMapper ¶ added in v0.181.0
// AddonServiceAccountRoleMapper maps service account role ARNs (the map key)
// to the EKS addon using that role. Build it with
// CreateAddonServiceAccountRoleMapper and query it with AddonForServiceAccountRole.
type AddonServiceAccountRoleMapper map[string]*ekstypes.Addon
AddonServiceAccountRoleMapper maps service account role ARNs to EKS addons.
func CreateAddonServiceAccountRoleMapper ¶ added in v0.181.0
func CreateAddonServiceAccountRoleMapper(ctx context.Context, clusterName string, eksAddonsAPI EKSAddonsAPI) (AddonServiceAccountRoleMapper, error)
CreateAddonServiceAccountRoleMapper creates an AddonServiceAccountRoleMapper that maps service account role ARNs to EKS addons.
func (AddonServiceAccountRoleMapper) AddonForServiceAccountRole ¶ added in v0.181.0
func (m AddonServiceAccountRoleMapper) AddonForServiceAccountRole(roleARN string) *ekstypes.Addon
AddonForServiceAccountRole returns the addon used by roleARN.
type Creator ¶
// Creator creates pod identity associations, either directly
// (CreatePodIdentityAssociations) or as a task tree (CreateTasks).
// Construct it with NewCreator; the zero value is not usable.
type Creator struct {
	// contains filtered or unexported fields
}
func NewCreator ¶
func NewCreator(clusterName string, stackCreator StackCreator, eksAPI awsapi.EKS, clientSet kubeclient.Interface) *Creator
func (*Creator) CreatePodIdentityAssociations ¶
func (c *Creator) CreatePodIdentityAssociations(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation) error
func (*Creator) CreateTasks ¶
func (c *Creator) CreateTasks(ctx context.Context, podIdentityAssociations []api.PodIdentityAssociation, ignorePodIdentityExistsErr bool) *tasks.TaskTree
type Deleter ¶
// A Deleter deletes pod identity associations, together with the
// CloudFormation stacks and Kubernetes service accounts that back them.
// Construct it with NewDeleter.
type Deleter struct {
	// ClusterName is the cluster name.
	ClusterName string
	// StackDeleter is used to delete stacks.
	StackDeleter StackDeleter
	// APIDeleter deletes pod identity associations using the EKS API.
	APIDeleter APIDeleter
	// ClientSet is used to delete K8s service accounts.
	ClientSet kubeclient.Interface
}
A Deleter deletes pod identity associations.
func NewDeleter ¶
func NewDeleter(clusterName string, stackDeleter StackDeleter, apiDeleter APIDeleter, clientSet kubeclient.Interface) *Deleter
func (*Deleter) Delete ¶
func (d *Deleter) Delete(ctx context.Context, podIDs []Identifier) error
Delete deletes the pod identity associations identified by podIDs.
func (*Deleter) DeleteTasks ¶
func (d *Deleter) DeleteTasks(ctx context.Context, podIDs []Identifier) (*tasks.TaskTree, error)
type EKSAddonsAPI ¶ added in v0.181.0
// EKSAddonsAPI is the subset of the EKS addons API used by this package:
// listing, describing and updating addons. Each method mirrors the EKS call
// of the same name.
type EKSAddonsAPI interface {
	ListAddons(ctx context.Context, params *eks.ListAddonsInput, optFns ...func(*eks.Options)) (*eks.ListAddonsOutput, error)
	DescribeAddon(ctx context.Context, params *eks.DescribeAddonInput, optFns ...func(*eks.Options)) (*eks.DescribeAddonOutput, error)
	DescribeAddonConfiguration(ctx context.Context, params *eks.DescribeAddonConfigurationInput, optFns ...func(*eks.Options)) (*eks.DescribeAddonConfigurationOutput, error)
	// UpdateAddon is the only mutating call in this interface.
	UpdateAddon(ctx context.Context, params *eks.UpdateAddonInput, optFns ...func(*eks.Options)) (*eks.UpdateAddonOutput, error)
}
type Getter ¶
// Getter looks up pod identity associations for a namespace and service
// account (see GetPodIdentityAssociations, which returns them as Summary values).
type Getter struct {
	// contains filtered or unexported fields
}
func (*Getter) GetPodIdentityAssociations ¶
func (g *Getter) GetPodIdentityAssociations(ctx context.Context, namespace, serviceAccountName string) ([]Summary, error)
type IAMRoleCreator ¶ added in v0.181.0
// IAMRoleCreator creates IAM resources for a pod identity association
// through a CloudFormation stack (see Create).
type IAMRoleCreator struct {
	// ClusterName is the name of the cluster the association belongs to.
	ClusterName string
	// StackCreator creates the CloudFormation stack holding the IAM resources.
	StackCreator StackCreator
}
IAMRoleCreator creates IAM resources for a pod identity association.
func (*IAMRoleCreator) Create ¶ added in v0.181.0
func (r *IAMRoleCreator) Create(ctx context.Context, podIdentityAssociation *api.PodIdentityAssociation, addonName string) (string, error)
Create creates IAM resources for podIdentityAssociation. If podIdentityAssociation belongs to an addon, addonName must be non-empty.
type IAMRoleGetter ¶ added in v0.181.0
// IAMRoleGetter reads IAM roles; it is the subset of the IAM API needed to
// inspect a role before migrating it.
type IAMRoleGetter interface {
	// GetRole mirrors the IAM GetRole call.
	GetRole(ctx context.Context, params *iam.GetRoleInput, optFns ...func(*iam.Options)) (*iam.GetRoleOutput, error)
}
type IAMRoleUpdater ¶ added in v0.181.0
// IAMRoleUpdater updates the IAM resources of pod identity associations by
// updating the CloudFormation stack that owns them (see Update).
type IAMRoleUpdater struct {
	// StackUpdater updates CloudFormation stacks.
	StackUpdater StackUpdater
}
IAMRoleUpdater updates IAM resources for pod identity associations.
func (*IAMRoleUpdater) Update ¶ added in v0.181.0
func (u *IAMRoleUpdater) Update(ctx context.Context, podIdentityAssociation api.PodIdentityAssociation, stackName, podIdentityAssociationID string) (string, bool, error)
Update updates IAM resources for podIdentityAssociation and returns the IAM role ARN on success. The boolean return value reports whether the IAM resources changed.
type IRSAv1StackNameResolver ¶ added in v0.166.0
// IRSAv1StackNameResolver maps a key to the IRSAv1 CloudFormation stack that
// created it — presumably keyed by IAM role name or ARN; confirm against the
// code that populates it.
type IRSAv1StackNameResolver map[string]IRSAv1StackSummary
type IRSAv1StackSummary ¶ added in v0.166.0
// IRSAv1StackSummary describes an existing IRSAv1 CloudFormation stack that
// the migration updates in place (see RoleMigrator.UpdateTrustPolicyForOwnedRoleTask).
type IRSAv1StackSummary struct {
	// Name is the CloudFormation stack name.
	Name string
	// Tags are the stack's tags.
	Tags map[string]string
	// Capabilities are presumably the CloudFormation capabilities the stack
	// was created with (e.g. IAM capabilities) and must be passed again on
	// update — confirm.
	Capabilities []string
}
type Identifier ¶
// Identifier represents a pod identity association by the Kubernetes service
// account it binds. Build a list of them with ToIdentifiers; NameString
// renders one as a string.
type Identifier struct {
	// Namespace is the namespace the service account belongs to.
	Namespace string
	// ServiceAccountName is the name of the Kubernetes ServiceAccount.
	ServiceAccountName string
}
Identifier represents a pod identity association.
func ToIdentifiers ¶
func ToIdentifiers(podIdentityAssociations []api.PodIdentityAssociation) []Identifier
ToIdentifiers maps a list of PodIdentityAssociations to a list of Identifiers.
func (Identifier) NameString ¶ added in v0.166.0
func (i Identifier) NameString() string
type Migrator ¶ added in v0.166.0
// Migrator migrates a cluster from IRSAv1 to EKS Pod Identity
// (see MigrateToPodIdentity). Construct it with NewMigrator; the zero value
// is not usable.
type Migrator struct {
	// contains filtered or unexported fields
}
func NewMigrator ¶ added in v0.166.0
func NewMigrator(
clusterName string,
eksAPI awsapi.EKS,
iamAPI awsapi.IAM,
stackUpdater StackUpdater,
clientSet kubernetes.Interface,
addonCreator AddonCreator,
) *Migrator
func (*Migrator) MigrateToPodIdentity ¶ added in v0.166.0
func (m *Migrator) MigrateToPodIdentity(ctx context.Context, options PodIdentityMigrationOptions) error
type PodIdentityMigrationOptions ¶ added in v0.166.0
// PodIdentityMigrationOptions controls Migrator.MigrateToPodIdentity.
type PodIdentityMigrationOptions struct {
	// RemoveOIDCProviderTrustRelationship is forwarded to the RoleMigrator
	// trust-policy tasks. When set, the migrated roles presumably stop
	// trusting the cluster's OIDC provider, which breaks any workload still
	// using IRSA with those roles — confirm and treat as a destructive option.
	RemoveOIDCProviderTrustRelationship bool
	// Approve presumably allows the migration to be applied rather than only
	// planned — confirm against MigrateToPodIdentity.
	Approve bool
	// Timeout bounds how long the migration waits; it is passed to
	// AddonCreator.Create as waitTimeout — confirm other uses.
	Timeout time.Duration
}
type RoleMigrator ¶ added in v0.181.0
// A RoleMigrator updates an IAM role to use EKS Pod Identity by producing
// tasks that rewrite the role's trust policy. Trust-policy changes alter who
// can assume the role, so the tasks are the security-sensitive step of a
// migration.
type RoleMigrator interface {
	// UpdateTrustPolicyForOwnedRoleTask returns a task for a role created by
	// an IRSAv1 stack (stack); the update goes through that stack.
	// removeOIDCProviderTrustRelationship additionally drops the OIDC
	// provider trust — presumably; confirm.
	UpdateTrustPolicyForOwnedRoleTask(ctx context.Context, roleName, serviceAccountName string, stack IRSAv1StackSummary, removeOIDCProviderTrustRelationship bool) tasks.Task
	// UpdateTrustPolicyForUnownedRoleTask returns a task for a role not
	// managed by an eksctl stack; the role is updated directly.
	UpdateTrustPolicyForUnownedRoleTask(ctx context.Context, roleName string, removeOIDCProviderTrustRelationship bool) tasks.Task
}
A RoleMigrator updates an IAM role to use EKS Pod Identity.
type RoleUpdateValidator ¶ added in v0.181.0
// RoleUpdateValidator checks whether the role of a pod identity association
// may be updated (see ValidateRoleUpdate).
type RoleUpdateValidator struct {
	// StackDescriber describes the CloudFormation stack, if any, that owns
	// the association's IAM resources.
	StackDescriber StackDescriber
}
func (*RoleUpdateValidator) ValidateRoleUpdate ¶ added in v0.181.0
func (r *RoleUpdateValidator) ValidateRoleUpdate(pia api.PodIdentityAssociation, association ekstypes.PodIdentityAssociation, hasStack bool) error
ValidateRoleUpdate validates the role associated with pia.
type StackCreator ¶ added in v0.166.0
// StackCreator creates CloudFormation stacks.
type StackCreator interface {
	// CreateStack creates a stack called name from the resource set stack,
	// applying tags and parameters. errs presumably receives the result of
	// the asynchronous creation — confirm with the implementation.
	CreateStack(ctx context.Context, name string, stack builder.ResourceSetReader, tags, parameters map[string]string, errs chan error) error
}
type StackDeleter ¶
// A StackDeleter lists and deletes CloudFormation stacks. It embeds
// StackLister so the stacks to delete can be discovered first.
type StackDeleter interface {
	StackLister
	// DeleteStackBySpecSync deletes stack; the Sync suffix suggests it blocks
	// until deletion finishes, with errors reported on errCh — confirm.
	DeleteStackBySpecSync(ctx context.Context, stack *cfntypes.Stack, errCh chan error) error
}
A StackDeleter lists and deletes CloudFormation stacks.
type StackDescriber ¶ added in v0.181.0
// StackDescriber describes a single CloudFormation stack.
type StackDescriber interface {
	// DescribeStack returns the current state of the given stack.
	DescribeStack(context.Context, *manager.Stack) (*manager.Stack, error)
}
type StackLister ¶
// A StackLister lists and describes CloudFormation stacks owned by eksctl.
type StackLister interface {
	// ListPodIdentityStackNames returns the names of the pod identity stacks.
	ListPodIdentityStackNames(ctx context.Context) ([]string, error)
	// DescribeStack returns the current state of stack.
	DescribeStack(ctx context.Context, stack *manager.Stack) (*manager.Stack, error)
	// GetStackTemplate returns the template body of the named stack.
	GetStackTemplate(ctx context.Context, stackName string) (string, error)
	// GetIAMServiceAccounts returns the IAM service accounts (IRSA) known
	// from existing stacks.
	GetIAMServiceAccounts(ctx context.Context) ([]*api.ClusterIAMServiceAccount, error)
}
A StackLister lists and describes CloudFormation stacks.
type StackUpdater ¶
// A StackUpdater updates CloudFormation stacks. It embeds StackLister so the
// stack to update can be looked up first.
type StackUpdater interface {
	StackLister
	// MustUpdateStack updates the CloudFormation stack selected by options.
	// Despite the Must prefix it returns an error rather than panicking.
	MustUpdateStack(ctx context.Context, options manager.UpdateStackOptions) error
}
A StackUpdater updates CloudFormation stacks.
type Summary ¶
// Summary is the read-only view of a pod identity association returned by
// Getter.GetPodIdentityAssociations.
type Summary struct {
	// AssociationARN is the ARN of the association.
	AssociationARN string
	// Namespace and ServiceAccountName identify the bound service account.
	Namespace          string
	ServiceAccountName string
	// RoleARN is the IAM role the service account receives.
	RoleARN string
	// OwnerARN is presumably the ARN of the owning addon or resource — confirm.
	OwnerARN string
}
type UpdateConfig ¶ added in v0.181.0
// UpdateConfig holds configuration for updating a pod identity association.
type UpdateConfig struct {
	// PodIdentityAssociation is the desired state of the association.
	PodIdentityAssociation api.PodIdentityAssociation
	// AssociationID identifies the existing association to update.
	AssociationID string
	// HasIAMResourcesStack reports whether a CloudFormation stack holds the
	// association's IAM resources; StackName names it and is presumably only
	// meaningful when HasIAMResourcesStack is true — confirm.
	HasIAMResourcesStack bool
	StackName            string
}
UpdateConfig holds configuration for updating a pod identity association.