	This is a rewrite of machined. It addresses some of the limitations and
complexity in the implementation. This introduces the idea of a
controller. A controller is responsible for managing the runtime, the
sequencer, and a new state type introduced in this PR.
A few highlights are:
- no more event bus
- functional approach to tasks (no more types defined for each task)
  - the task function definition now offers a lot more context, like
    access to raw API requests, the current sequence, a logger, the new
    state interface, and the runtime interface.
- no more panics to handle reboots
- additional initialize and reboot sequences
- graceful gRPC server shutdown on critical errors
- config is now stored at install time to avoid having to download it at
  install time and at boot time
- upgrades now use the local config instead of downloading it
- the upgrade API's preserve option takes precedence over the config's
  install force option
Additionally, this pulls various packages in under machined to make the
code easier to navigate.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
		
	
			
		
			
				
	
	
		
| // This Source Code Form is subject to the terms of the Mozilla Public
| // License, v. 2.0. If a copy of the MPL was not distributed with this
| // file, You can obtain one at http://mozilla.org/MPL/2.0/.
| 
| package kubeconfig
| 
| import (
| 	"encoding/base64"
| 	"fmt"
| 	"io"
| 	"text/template"
| 	"time"
| 
| 	"github.com/talos-systems/talos/internal/app/machined/pkg/runtime"
| 	"github.com/talos-systems/talos/pkg/constants"
| 	"github.com/talos-systems/talos/pkg/crypto/x509"
| )
| 
// adminKubeConfigTemplate is the text/template that GenerateAdmin renders
// into an admin kubeconfig. It expects a value with the fields Cluster,
// Server, CACert, AdminCert and AdminKey; the three *-data fields must be
// base64-encoded, which GenerateAdmin takes care of.
//
// text/template substitutes values verbatim: there is no YAML quoting or
// escaping here, so the caller must supply Cluster and Server values that
// are safe to place unquoted in a YAML scalar.
const adminKubeConfigTemplate = `apiVersion: v1
kind: Config
clusters:
- name: {{ .Cluster }}
  cluster:
    server: {{ .Server }}
    certificate-authority-data: {{ .CACert }}
users:
- name: admin
  user:
    client-certificate-data: {{ .AdminCert }}
    client-key-data: {{ .AdminKey }}
contexts:
- context:
    cluster: {{ .Cluster }}
    user: admin
  name: admin@{{ .Cluster }}
current-context: admin@{{ .Cluster }}
`
| 
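// GenerateAdmin generates admin kubeconfig for the cluster.
//
// It issues a fresh admin client certificate signed by the cluster's
// Kubernetes CA, valid for config.AdminKubeconfig().CertLifetime() from the
// moment of generation, and renders it together with the CA certificate and
// the API server endpoint through adminKubeConfigTemplate, writing the
// result to out.
//
// The rendered document embeds the admin private key, so out is a
// credential sink: the caller decides where it ends up.
//
// Every failure (template parsing, CA material, certificate issuance and
// rendering) is returned wrapped with context, so callers can use
// errors.Is/errors.As on the underlying cause.
func GenerateAdmin(config runtime.ClusterConfig, out io.Writer) error {
	tpl, err := template.New("kubeconfig").Parse(adminKubeConfigTemplate)
	if err != nil {
		return fmt.Errorf("error parsing kubeconfig template: %w", err)
	}

	// The CA material is needed three times below; fetch it once.
	ca := config.CA()

	k8sCA, err := ca.GetCert()
	if err != nil {
		return fmt.Errorf("error getting Kubernetes CA certificate: %w", err)
	}

	k8sKey, err := ca.GetRSAKey()
	if err != nil {
		return fmt.Errorf("error parsing Kubernetes key: %w", err)
	}

	// The lifetime is relative to now, i.e. to when this kubeconfig was
	// generated, not to when the CA was created.
	adminCert, err := x509.NewCertficateAndKey(k8sCA, k8sKey,
		x509.RSA(true),
		x509.CommonName(constants.KubernetesAdminCertCommonName),
		x509.Organization(constants.KubernetesAdminCertOrganization),
		x509.NotAfter(time.Now().Add(config.AdminKubeconfig().CertLifetime())))
	if err != nil {
		return fmt.Errorf("error generating admin certificate: %w", err)
	}

	// text/template inserts these values verbatim with no YAML escaping.
	// The certificate and key fields are base64 and therefore always safe;
	// Cluster and Server come straight from the cluster config.
	input := struct {
		Cluster   string
		CACert    string
		AdminCert string
		AdminKey  string
		Server    string
	}{
		Cluster:   config.Name(),
		CACert:    base64.StdEncoding.EncodeToString(ca.Crt),
		AdminCert: base64.StdEncoding.EncodeToString(adminCert.Crt),
		AdminKey:  base64.StdEncoding.EncodeToString(adminCert.Key),
		Server:    config.Endpoint().String(),
	}

	// Wrap the render/write error so it carries the same context as the
	// other failures in this function.
	if err = tpl.Execute(out, input); err != nil {
		return fmt.Errorf("error rendering kubeconfig: %w", err)
	}

	return nil
}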