v1.8.0-alpha.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 5, 2022 License: Apache-2.0 Imports: 24 Imported by: 0




View Source
const (
	// The names of the files that should contain the CA certificate and the TLS key pair.
	CACertFile  = "ca.crt"
	TLSCertFile = "tls.crt"
	TLSKeyFile  = "tls.key"
View Source
const (
	AntreaCAConfigMapName = "antrea-ca"
	AntreaServiceName     = "antrea"
View Source
const (
	CAConfigMapKey = "ca.crt"


This section is empty.


func GetAntreaServerNames

func GetAntreaServerNames(serviceName string) []string

GetAntreaServerNames returns the DNS names that the TLS certificate will be signed with.

func GetCAConfigMapNamespace

func GetCAConfigMapNamespace() string


type CACertController

type CACertController struct {
	// contains filtered or unexported fields

CACertController is responsible for taking the CA certificate from the caContentProvider and publishing it to the ConfigMap and the APIServices.

func ApplyServerCert

func ApplyServerCert(selfSignedCert bool,
	client kubernetes.Interface,
	aggregatorClient clientset.Interface,
	apiExtensionClient apiextensionclientset.Interface,
	secureServing *options.SecureServingOptionsWithLoopback,
	caConfig *CAConfig) (*CACertController, error)

func (*CACertController) Enqueue

func (c *CACertController) Enqueue()

Enqueue will be called after CACertController is registered as a listener of CA cert change.

func (*CACertController) Run

func (c *CACertController) Run(ctx context.Context, workers int)

Run starts the CACertController and blocks until the context is canceled.

func (*CACertController) RunOnce

func (c *CACertController) RunOnce(ctx context.Context) error

RunOnce runs a single sync step to ensure that we have a valid starting configuration.

func (*CACertController) UpdateCertificate

func (c *CACertController) UpdateCertificate(ctx context.Context) error

type CAConfig added in v1.5.0

type CAConfig struct {
	// Name of the ConfigMap that will hold the CA certificate that signs the TLS
	// certificate of antrea-controller.
	CAConfigMapName string

	// APIServiceNames contains all the APIServices backed by antrea-controller.
	APIServiceNames []string

	// ValidatingWebhooks contains all the ValidatingWebhookConfigurations backed by antrea-controller.
	ValidatingWebhooks []string

	// MutationWebhooks contains all the MutationWebhooks backed by antrea-controller.
	MutationWebhooks []string

	// OptionalMutationWebhooks contains all the OptionalMutationWebhooks backed by antrea-controller.
	OptionalMutationWebhooks []string

	// CRDsWithConversionWebhooks contains all the ConversionWebhooks backed by antrea-controller.
	CRDsWithConversionWebhooks []string

	// CertDir is the directory that the TLS Secret should be mounted to. Declaring it as a variable for testing.
	CertDir string

	// SelfSignedCertDir is the dir Antrea self signed certificates are created in.
	SelfSignedCertDir string

	// CertReadyTimeout is the timeout we will wait for the TLS Secret being ready. Declaring it as a variable for testing.
	CertReadyTimeout time.Duration

	// MaxRotateDuration is the max duration for rotating self-signed certificate generated by Antrea.
	// In most cases we will rotate the certificate when we reach half the expiration time of the certificate (see nextRotationDuration).
	// MaxRotateDuration ensures that if a self-signed certificate has a really long expiration (N years), we still attempt to rotate it
	// within a reasonable time, in this case one year. maxRotateDuration is also used to force certificate rotation in unit tests.
	MaxRotateDuration time.Duration
	ServiceName       string
	PairName          string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL