controller

package

v0.0.0-...-fe632b3 Latest Latest Go to latest Published: Feb 26, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/alipay/sofa-mesh

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ConstructCustomDNSNames(serviceAccounts []string, serviceNames []string, namespace string, ...) map[string]*DNSNameEntry
func GetSecretName(saName string) string
type DNSNameEntry
type SecretController
- func NewSecretController(ca ca.CertificateAuthority, certTTL time.Duration, gracePeriodRatio float32, ...) (*SecretController, error)
- func (sc *SecretController) Run(stopCh chan struct{})

Constants ¶

View Source

const (
	// The Istio secret annotation type
	IstioSecretType = "istio.io/key-and-cert"

	// The ID/name for the certificate chain file.
	CertChainID = "cert-chain.pem"
	// The ID/name for the private key file.
	PrivateKeyID = "key.pem"
	// The ID/name for the CA root certificate file.
	RootCertID = "root-cert.pem"
	// The key to specify corresponding service account in the annotation of K8s secrets.
	ServiceAccountNameAnnotationKey = "istio.io/service-account.name"
)

#nosec: disable gas linter

Variables ¶

This section is empty.

Functions ¶

func ConstructCustomDNSNames ¶

func ConstructCustomDNSNames(serviceAccounts []string, serviceNames []string,
	namespace string, customDNSNames string) map[string]*DNSNameEntry

func GetSecretName ¶

func GetSecretName(saName string) string

GetSecretName returns the secret name for a given service account name.

Types ¶

type DNSNameEntry ¶

type DNSNameEntry struct {
	// ServiceName is the name of the service account to match
	ServiceName string

	// Namespace restricts to a specific namespace.
	Namespace string

	// CustomDomain allows adding a user-defined domain.
	CustomDomains []string
}

DNSNameEntry stores the service name and namespace to construct the DNS id. Service accounts matching the ServiceName and Namespace will have additional DNS SANs: ServiceName.Namespace.svc, ServiceName.Namespace and optionall CustomDomain. This is intended for control plane and trusted services.

type SecretController ¶

type SecretController struct {
	// contains filtered or unexported fields
}

SecretController manages the service accounts' secrets that contains Istio keys and certificates.

func NewSecretController ¶

func NewSecretController(ca ca.CertificateAuthority, certTTL time.Duration,
	gracePeriodRatio float32, minGracePeriod time.Duration, dualUse bool,
	core corev1.CoreV1Interface, forCA bool, namespaces []string,
	dnsNames map[string]*DNSNameEntry) (*SecretController, error)

NewSecretController returns a pointer to a newly constructed SecretController instance.

func (*SecretController) Run ¶

func (sc *SecretController) Run(stopCh chan struct{})

Run starts the SecretController until a value is sent to stopCh.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL