README
¶
Auth and bootstrap for GCP
This is a separate module, with dependencies to GCP APIs related to authentication, getting secrets and auto config.
The meshauth and mk8s packages have min deps and provide zero-deps REST alternatives for some of this code. This package provides the integration using official library.
The identity is based on:
- GOOGLE_APPLICATION_CREDENTIALS
- well known file ~/.config/gcloud/application_default_credentials.json
- if MDS is detected - GCE_METADATA_HOST, 169.254.169.254 and metadata.google.internal (2 sec timeout !)
Dependencies
golang.org/x/oauth2 - which in turn depends on gcp/metadata, protobuf This is the main Oauth2 library for go.
Documentation
¶
Index ¶
- func Dump(ctx context.Context, gke *GKE)
- func RegionFromMetadata() (string, error)
- type GKE
- func (gke *GKE) GKECluster(ctx context.Context, p string) (*k8s.K8SCluster, error)
- func (gcp *GKE) GetToken(ctx context.Context, aud string) (string, error)
- func (gke *GKE) LoadGKEClusters(ctx context.Context, configProjectId string, location string) ([]*k8s.K8SCluster, error)
- func (gke *GKE) LoadHubClusters(ctx context.Context, configProjectId string) ([]*k8s.K8SCluster, error)
- func (gcp *GKE) NumericProjectId() int
- func (gcp *GKE) ProjectData() *crm.Project
- func (gke *GKE) ProjectId() string
- func (gcp *GKE) Token() (*oauth2.Token, error)
- type GKECluster
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegionFromMetadata ¶
Types ¶
type GKE ¶
type GKE struct {
// MDS is equivalent to the recursive result of the metadata server, but
// can be part of the config file. Will look in ~/.kube/mds.json for defaults.
*meshauth.MeshCfg `json:inline`
// Discovered certificates and local identity, metadata.
MeshAuth *meshauth.MeshAuth `json:-`
// Clusters loaded from kube config, env, etc.
// Default should be set after New().
K8S *k8s.K8S `json:-`
// Returns access tokens for a user or service account (via MDS or default credentials) or federated access tokens (GKE without a paired GSA).
AccessTokenSource oauth2.TokenSource
// Raw token source - can be the default K8S cluster.
TokenSource meshauth.TokenSource
// contains filtered or unexported fields
}
TODO: finish hub.
func New ¶
New will initialize a default K8S cluster - using the environment. It may also load clusters from GKE or HUB, and init metadata and meshauth. Use if running with GKE clusters and need GCP features. The k8s package can also be used with GKE clusters with minimal deps.
func (*GKE) GKECluster ¶
GKECluster returns a GKE cluster by getting the config from ClusterManager It is used when a K8S cluster is explicitly configured.
func (*GKE) LoadGKEClusters ¶
func (gke *GKE) LoadGKEClusters(ctx context.Context, configProjectId string, location string) ([]*k8s.K8SCluster, error)
Updates the list of clusters in the specified GKE project.
Requires container.clusters.list
func (*GKE) LoadHubClusters ¶
func (gke *GKE) LoadHubClusters(ctx context.Context, configProjectId string) ([]*k8s.K8SCluster, error)
Find clusters in the hub, using connect gateway. Note the 2400 qpm (40 QPS) per project limit - may be best to use a local replica. roles/gkehub.viewer to list roles/gkehub.gatewayReader for read roles/gkehub.gatewayEditor for write
func (*GKE) NumericProjectId ¶
Required for using hub, TD and other GCP APIs. Should be part of the config, env - or loaded on demand from MDS or resource manager.
func (*GKE) ProjectData ¶
ProjectData will fetch the project number and other info from CRM. Should be used off GCP and cached - MDS is a better source.
type GKECluster ¶
type GKECluster struct {
// mangled name
FullName string
ClusterName string
ClusterLocation string
ProjectId string
GKECluster *containerpb.Cluster
// contains filtered or unexported fields
}
GKECluster wraps cluster information for a discovered hub or gke cluster.
Source Files
Directories