apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
labels: | |
app.kubernetes.io/component: server | |
app.kubernetes.io/instance: argocd | |
app.kubernetes.io/name: argocd-cm | |
name: argocd-cm | |
namespace: argocd | |
data: |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
labels: | |
app.kubernetes.io/component: server | |
app.kubernetes.io/name: argocd-cm | |
app.kubernetes.io/part-of: argocd | |
name: argocd-cm | |
namespace: argocd | |
data: |
databases: | |
my_handy_db_alias: # SOME HANDY IDENTIFIER KEY TO USE IN CLI ARGS FOR --db. USEFUL WHEN TWO DBS ON DIFFERENT HOSTS HAVE THE SAME NAME. | |
name: <DATABASE_NAME> # THIS IS THE ACTUAL DATABASE NAME | |
host: <WRITER_HOST_URL> # THIS IS THE DEFAULT HOST BEING USED FOR OPERATIONS. | |
reader_host: <READER_HOST_URL> # IDEA IS TO USE THIS AUTOMATICALLY FOR READER USER ROLE. THIS IS TODO FOR NOW. | |
port: <DB_PORT> | |
db_type: <DATABASE_TYPE> # THIS IS DIRECTLY RELATED TO USQL DRIVER NAMES: THE SCHEME PART OF THE DSN. | |
credentials: | |
- username: root | |
role: admin # USED IN CLI ARGS FOR --role. |
# Copied from https://github.com/kumahq/kuma/blob/master/pkg/core/tokens/validator.go#L65 | |
// Consult the revocation list for this token's ID before accepting it.
// The check fails closed: if the lookup itself returns an error, the token is
// rejected with a wrapped error rather than being treated as not revoked.
revoked, err := j.revocations.IsRevoked(ctx, claims.ID())
switch {
case err != nil:
	return errors.Wrap(err, "could not check if the token is revoked")
case revoked:
	// The ID is on the revocation list, so validation stops here.
	return errors.New("token is revoked")
}
// Build the POST request for the dataplane token endpoint, with reqBytes as
// the request body.
// NOTE(review): the URL is a bare path with no scheme or host; presumably the
// client that sends req supplies the base address. Confirm at the call site.
req, err := http.NewRequest(
	"POST",
	"/tokens/dataplane",
	bytes.NewReader(reqBytes),
)
if err != nil {
	return "", errors.Wrap(err, "could not construct the request")
}
// Copied from https://github.com/kumahq/kuma/blob/master/pkg/defaults/mesh/mesh.go#L60 | |
created, err := ensureDataplaneTokenSigningKey(ctx, resManager, meshName) | |
if err != nil { | |
return errors.Wrap(err, "could not create default Dataplane Token Signing Key") | |
} | |
if created { | |
resKey := tokens.SigningKeyResourceKey(issuer.DataplaneTokenSigningKeyPrefix(meshName), tokens.DefaultSerialNumber, meshName) |
// Copied from https://github.com/kumahq/kuma/blob/master/pkg/xds/auth/universal/authenticator.go | |
func (u *universalAuthenticator) authDataplane(ctx context.Context, dataplane *core_mesh.DataplaneResource, credential auth.Credential) error { | |
dpIdentity, err := u.dataplaneValidator.Validate(ctx, credential, dataplane.Meta.GetMesh()) | |
if err != nil { | |
return err | |
} | |
if dpIdentity.Name != "" && dataplane.Meta.GetName() != dpIdentity.Name { | |
return errors.Errorf("proxy name from requestor: %s is different than in token: %s", dataplane.Meta.GetName(), dpIdentity.Name) |
# each mapRoles entry maps an IAM role to a username and set of groups | |
# Each username and group can optionally contain template parameters: | |
# 1) "{{AccountID}}" is the 12 digit AWS ID. | |
# 2) "{{SessionName}}" is the role session name, with `@` characters | |
# transliterated to `-` characters. | |
# 3) "{{SessionNameRaw}}" is the role session name, without character | |
# transliteration (available in version >= 0.5). | |
mapRoles: | |
# statically map arn:aws:iam::000000000000:role/KubernetesAdmin to cluster admin | |
- roleARN: arn:aws:iam::000000000000:role/KubernetesAdmin |
go wait.Until(nm.worker, time.Second, stopCh) - namespace_controller.go #209 | |
err := nm.syncNamespaceFromKey(key.(string)) - namespace_controller.go #148 | |
nm.namespacedResourcesDeleter.Delete(namespace.Name) - namespace_controller.go #192 | |
estimate, err := d.deleteAllContent(namespace) - namespaced_resources_deleter.go #133 | |
# 1. Resource discovery phase | |
resources, err := d.discoverResourcesFn() #502 | |
conditionUpdater.ProcessDiscoverResourcesErr(err) #506 Sets v1.NamespaceDeletionDiscoveryFailure |
var ( | |
// conditionTypes Namespace condition types that are maintained by namespace_deleter controller. | |
conditionTypes = []v1.NamespaceConditionType{ | |
v1.NamespaceDeletionDiscoveryFailure, | |
v1.NamespaceDeletionGVParsingFailure, | |
v1.NamespaceDeletionContentFailure, | |
v1.NamespaceContentRemaining, | |
v1.NamespaceFinalizersRemaining, | |
} | |
okMessages = map[v1.NamespaceConditionType]string{ |