Documentation
Index ¶
- Constants
- Variables
- func GetCertApprovalCondition(status *certificates.CertificateSigningRequestStatus) (approved bool, denied bool)
- func HasTrueCondition(csr *certificates.CertificateSigningRequest, ...) bool
- func IgnorableError(s string, args ...interface{}) ignorableError
- func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) bool
- func IsVNodeClientCSR(req *x509.CertificateRequest, usages sets.String) bool
- func NoResyncPeriodFunc() time.Duration
- func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error)
- func ValidateVNodeClientCSR(req *x509.CertificateRequest, usages sets.String) error
- type CertificateController
Constants ¶
const (
	// VNodeClientSignerName holds "kubernetes.io/kube-apiserver-client", the
	// built-in Kubernetes signer whose certificates the kube-apiserver honors
	// for client authentication. A CSR approved for this signer therefore
	// yields an API server identity, so approval decisions for it are
	// security-sensitive.
	// NOTE(review): presumably the signer name vnode client CSRs must carry;
	// the check itself is not shown here, confirm in IsVNodeClientCSR.
	VNodeClientSignerName = "kubernetes.io/kube-apiserver-client"
	// SubjectCommonNamePrefix is the subject CommonName prefix associated with
	// vnode client certificates. The API server takes the user name of a
	// client certificate from its CommonName.
	// NOTE(review): the comparison is not shown here; confirm that the
	// validator also constrains what follows the prefix, so a requester cannot
	// obtain a certificate naming a different vnode.
	SubjectCommonNamePrefix = "system:vnode"
	// SubjectOrganization is the subject Organization associated with vnode
	// client certificates. The API server maps Organization values of a client
	// certificate to group memberships, so RBAC bound to this group applies to
	// every certificate issued with it.
	// NOTE(review): presumably required to be the only Organization in the
	// request; verify against ValidateVNodeClientCSR.
	SubjectOrganization = "system:vnodes"
)
Variables ¶
var (
	// KeyFunc is an alias for client-go's
	// cache.DeletionHandlingMetaNamespaceKeyFunc, which produces
	// "namespace/name" style keys and also accepts the
	// DeletedFinalStateUnknown tombstones that informers deliver on missed
	// deletions.
	// NOTE(review): presumably used to key CSR objects for the controller's
	// work queue; the call sites are not shown here.
	KeyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc
)
Functions ¶
func GetCertApprovalCondition ¶
func GetCertApprovalCondition(status *certificates.CertificateSigningRequestStatus) (approved bool, denied bool)
GetCertApprovalCondition inspects the CSR status and reports whether it has been approved and whether it has been denied.
func HasTrueCondition ¶
func HasTrueCondition(csr *certificates.CertificateSigningRequest, conditionType certificates.RequestConditionType) bool
HasTrueCondition returns true if the csr contains a condition of the specified type with a status that is set to True or is empty.
func IgnorableError ¶
func IgnorableError(s string, args ...interface{}) ignorableError
IgnorableError returns an error that we shouldn't handle (i.e. log) because it's spammy and usually user error. Instead we will log these errors at a higher log level. We still need to throw these errors to signal that the sync should be retried.
func IsCertificateRequestApproved ¶
func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) bool
IsCertificateRequestApproved returns true if a certificate request has the "Approved" condition and no "Denied" conditions; false otherwise.
func IsVNodeClientCSR ¶
func IsVNodeClientCSR(req *x509.CertificateRequest, usages sets.String) bool
IsVNodeClientCSR reports whether the CSR is a vnode client certificate request.
func NoResyncPeriodFunc ¶
NoResyncPeriodFunc returns 0 for resyncPeriod in case resyncing is not needed.
func ParseCSR ¶
func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error)
ParseCSR extracts the CSR from the bytes and decodes it.
func ValidateVNodeClientCSR ¶
func ValidateVNodeClientCSR(req *x509.CertificateRequest, usages sets.String) error
ValidateVNodeClientCSR validates a vnode client CSR and returns an error if it is not valid.
Types ¶
type CertificateController ¶
type CertificateController struct {
// contains filtered or unexported fields
}
func NewCSRApprovingController ¶
func NewCSRApprovingController(client clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer) *CertificateController
NewCSRApprovingController creates a new CSRApprovingController.
func NewCertificateController ¶
func NewCertificateController(name string, kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, handler func(*certificates.CertificateSigningRequest) error) *CertificateController
NewCertificateController creates a new CertificateController.
func (*CertificateController) Run ¶
func (cc *CertificateController) Run(workers int, stopCh <-chan struct{})
Run the main goroutine responsible for watching and syncing jobs.