This is a rewrite of machined. It addresses some of the limitations and complexity in the implementation. This introduces the idea of a controller. A controller is responsible for managing the runtime, the sequencer, and a new state type introduced in this PR. A few highlights are: - no more event bus - functional approach to tasks (no more types defined for each task) - the task function definition now offers a lot more context, like access to raw API requests, the current sequence, a logger, the new state interface, and the runtime interface. - no more panics to handle reboots - additional initialize and reboot sequences - graceful gRPC server shutdown on critical errors - config is now stored at install time, so it no longer has to be downloaded both at install time and at boot time - upgrades now use the local config instead of downloading it - the upgrade API's preserve option takes precedence over the config's install force option Additionally, this pulls various packages in under machined to make the code easier to navigate. Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package kubeconfig
import (
"encoding/base64"
"fmt"
"io"
"text/template"
"time"
"github.com/talos-systems/talos/internal/app/machined/pkg/runtime"
"github.com/talos-systems/talos/pkg/constants"
"github.com/talos-systems/talos/pkg/crypto/x509"
)
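// adminKubeConfigTemplate renders a kubeconfig with one cluster, one "admin"
// user carrying a client certificate, and one context binding the two.
//
// The cluster name and the server URL are free-form operator input. They are
// emitted as double-quoted YAML scalars (printf "%q"; every escape Go's %q
// produces - \", \\, \n, \t, \xNN, \uNNNN, \UNNNNNNNN - is a valid YAML
// double-quoted escape) so that YAML-significant characters in a name
// (`#`, `: `, a newline, a leading `-`) cannot alter the document structure,
// and names that look like numbers or booleans (`123`, `true`) are not
// re-typed by the parser. An empty name renders as "" rather than as null.
// The certificate and key fields are base64 text and need no quoting.
const adminKubeConfigTemplate = `apiVersion: v1
kind: Config
clusters:
- name: {{ printf "%q" .Cluster }}
  cluster:
    server: {{ printf "%q" .Server }}
    certificate-authority-data: {{ .CACert }}
users:
- name: admin
  user:
    client-certificate-data: {{ .AdminCert }}
    client-key-data: {{ .AdminKey }}
contexts:
- context:
    cluster: {{ printf "%q" .Cluster }}
    user: admin
  name: {{ printf "admin@%s" .Cluster | printf "%q" }}
current-context: {{ printf "admin@%s" .Cluster | printf "%q" }}
`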
// GenerateAdmin generates admin kubeconfig for the cluster.
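// GenerateAdmin issues a fresh admin client certificate, signed with the
// cluster's Kubernetes CA key, and writes a kubeconfig embedding the CA
// certificate, the client certificate and the client private key (all
// base64-encoded) to out.
//
// The rendered document contains the admin private key in the clear, and a
// new key pair is generated on every call (x509.NewCertficateAndKey); the
// caller decides where the output goes and is responsible for protecting it
// (e.g. a mode-0600 file, or a response on an authenticated API channel).
//
// config supplies the cluster name, the API server endpoint, the CA
// certificate and key, and the admin certificate lifetime. An error is
// returned if the CA cannot be loaded, the certificate cannot be issued, or
// the kubeconfig cannot be rendered; nothing may have been written to out in
// the first two cases, and a partial document may have been in the last.
func GenerateAdmin(config runtime.ClusterConfig, out io.Writer) error {
	tpl, err := template.New("kubeconfig").Parse(adminKubeConfigTemplate)
	if err != nil {
		return fmt.Errorf("error parsing kubeconfig template: %w", err)
	}

	ca := config.CA()

	k8sCA, err := ca.GetCert()
	if err != nil {
		return fmt.Errorf("error getting Kubernetes CA certificate: %w", err)
	}

	// The CA private key is needed only to sign the admin certificate; it is
	// never placed in the kubeconfig.
	k8sKey, err := ca.GetRSAKey()
	if err != nil {
		return fmt.Errorf("error getting Kubernetes CA key: %w", err)
	}

	// Validity is anchored at the current wall-clock time and CertLifetime()
	// is used as-is, so a zero lifetime yields an already-expired
	// certificate. NOTE(review): confirm the config layer defaults/validates
	// that value.
	adminCert, err := x509.NewCertficateAndKey(k8sCA, k8sKey,
		x509.RSA(true),
		x509.CommonName(constants.KubernetesAdminCertCommonName),
		x509.Organization(constants.KubernetesAdminCertOrganization),
		x509.NotAfter(time.Now().Add(config.AdminKubeconfig().CertLifetime())))
	if err != nil {
		return fmt.Errorf("error generating admin certificate: %w", err)
	}

	// Only the CA *certificate* and the freshly issued admin cert/key are
	// exported; the encoding matches what kubectl expects for *-data fields.
	input := struct {
		Cluster   string
		CACert    string
		AdminCert string
		AdminKey  string
		Server    string
	}{
		Cluster:   config.Name(),
		CACert:    base64.StdEncoding.EncodeToString(ca.Crt),
		AdminCert: base64.StdEncoding.EncodeToString(adminCert.Crt),
		AdminKey:  base64.StdEncoding.EncodeToString(adminCert.Key),
		Server:    config.Endpoint().String(),
	}

	if err := tpl.Execute(out, input); err != nil {
		return fmt.Errorf("error rendering kubeconfig: %w", err)
	}

	return nil
}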