controller

package
v0.0.0-...-d8a8f93 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 2, 2019 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// The Istio secret annotation type
	IstioSecretType = "istio.io/key-and-cert"

	// The ID/name for the certificate chain file.
	CertChainID = "cert-chain.pem"
	// The ID/name for the private key file.
	PrivateKeyID = "key.pem"
	// The ID/name for the CA root certificate file.
	RootCertID = "root-cert.pem"
	// The key to specify corresponding service account in the annotation of K8s secrets.
	ServiceAccountNameAnnotationKey = "istio.io/service-account.name"
)

#nosec: disable gas linter

Variables

This section is empty.

Functions

func GetSecretName

func GetSecretName(saName string) string

GetSecretName returns the secret name for a given service account name.

Types

type DNSNameEntry

type DNSNameEntry struct {
	// ServiceName is the name of the service account to match
	ServiceName string

	// Namespace restricts to a specific namespace.
	Namespace string

	// CustomDomain allows adding a user-defined domain.
	CustomDomains []string
}

DNSNameEntry stores the service name and namespace to construct the DNS id. Service accounts matching the ServiceName and Namespace will have additional DNS SANs: ServiceName.Namespace.svc, ServiceName.Namespace and optionall CustomDomain. This is intended for control plane and trusted services.

type SecretController

type SecretController struct {
	// contains filtered or unexported fields
}

SecretController manages the service accounts' secrets that contains Istio keys and certificates.

func NewSecretController

func NewSecretController(ca ca.CertificateAuthority, certTTL time.Duration, gracePeriodRatio float32, minGracePeriod time.Duration,
	core corev1.CoreV1Interface, forCA bool, namespace string, dnsNames map[string]DNSNameEntry) (*SecretController, error)

NewSecretController returns a pointer to a newly constructed SecretController instance.

func (*SecretController) Run

func (sc *SecretController) Run(stopCh chan struct{})

Run starts the SecretController until a value is sent to stopCh.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL