mirror of
https://github.com/siderolabs/omni.git
synced 2025-08-10 19:46:57 +02:00
63ad5bd1ef
Fixes: https://github.com/siderolabs/omni/issues/33 It is now possible to get full access `kubeconfig` and `talosconfig` (operator role), if the Omni instance has `enable-break-glass-configs` flag enabled. They can be downloaded using cli commands: `omnictl kubeconfig --admin --cluster <name>` `omnictl talosconfig --admin --cluster <name>` After you download the config the cluster will be marked with `omni.sidero.dev/tainted` annotation to keep in mind that this cluster has weaker security and might need to get secrets rotation in the future. Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
39 lines
1.1 KiB
Go
39 lines
1.1 KiB
Go
// Copyright (c) 2024 Sidero Labs, Inc.
|
|
//
|
|
// Use of this software is governed by the Business Source License
|
|
// included in the LICENSE file.
|
|
|
|
// Package helpers defines common runtime helper functions.
|
|
package helpers
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/cosi-project/runtime/pkg/resource"
|
|
"github.com/cosi-project/runtime/pkg/safe"
|
|
"github.com/cosi-project/runtime/pkg/state"
|
|
|
|
"github.com/siderolabs/omni/client/pkg/omni/resources/omni"
|
|
)
|
|
|
|
// GetMachineEndpoints reads all possible machine endpoints from the ClusterMachineIdentity resources.
|
|
func GetMachineEndpoints(ctx context.Context, st state.State, clusterName string) ([]string, error) {
|
|
endpoints, err := safe.ReaderListAll[*omni.ClusterMachineIdentity](ctx, st,
|
|
state.WithLabelQuery(
|
|
resource.LabelEqual(omni.LabelCluster, clusterName),
|
|
resource.LabelExists(omni.LabelControlPlaneRole),
|
|
),
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
res := make([]string, 0, endpoints.Len())
|
|
|
|
endpoints.ForEach(func(r *omni.ClusterMachineIdentity) {
|
|
res = append(res, r.TypedSpec().Value.NodeIps...)
|
|
})
|
|
|
|
return res, nil
|
|
}
|