Documentation ¶
Overview ¶
Package certificates contains logic for watching and synchronizing CertificateSigningRequests.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsCertificateRequestApproved ¶
func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) bool
IsCertificateRequestApproved returns true if a certificate request has the "Approved" condition and no "Denied" conditions; false otherwise.
Types ¶
type AutoApprover ¶ added in v1.6.0
type AutoApprover interface {
AutoApprove(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
}
func NewGroupApprover ¶ added in v1.6.0
func NewGroupApprover(approveAllKubeletCSRsForGroup string) AutoApprover
NewGroupApprover creates an approver that accepts any CSR requests where the subject group contains approveAllKubeletCSRsForGroup.
type CFSSLSigner ¶ added in v1.6.0
type CFSSLSigner struct {
// contains filtered or unexported fields
}
func NewCFSSLSigner ¶ added in v1.6.0
func NewCFSSLSigner(caFile, caKeyFile string) (*CFSSLSigner, error)
func (*CFSSLSigner) Sign ¶ added in v1.6.0
func (cs *CFSSLSigner) Sign(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
type CertificateController ¶
type CertificateController struct {
// contains filtered or unexported fields
}
func NewCertificateController ¶
func NewCertificateController(kubeClient clientset.Interface, csrInformer certificatesinformers.CertificateSigningRequestInformer, signer Signer, approver AutoApprover) (*CertificateController, error)
func (*CertificateController) Run ¶
func (cc *CertificateController) Run(workers int, stopCh <-chan struct{})
Run the main goroutine responsible for watching and syncing jobs.
type Signer ¶ added in v1.6.0
type Signer interface {
Sign(csr *certificates.CertificateSigningRequest) (*certificates.CertificateSigningRequest, error)
}
Click to show internal directories.
Click to hide internal directories.