Constants

const (
	// AnnotDnsnames annotation is shared with the dns controller manager. Its value is the
	// fallback list of DNS names when AnnotCertDNSNames is not set on the source object.
	AnnotDnsnames = "dns.gardener.cloud/dnsnames"
	// AnnotClass is the annotation for the cert class (the key is taken from core.AnnotationClass).
	AnnotClass = core.AnnotationClass
	// AnnotSecretname is the annotation naming the TLS secret the issued certificate is written to.
	// NOTE(review): the target secret name comes from an annotation on the source object, so any
	// principal allowed to annotate that object chooses where key material lands — confirm the
	// reconciler restricts this to the source object's own namespace (see AnnotSecretNamespace).
	AnnotSecretname = "cert.gardener.cloud/secretname" // #nosec G101 -- this is no credential
	// AnnotSecretNamespace is the annotation for the TLS secret namespace (only used for Istio Gateways source resources).
	// NOTE(review): a cross-namespace target lets the owner of the source object place a private key
	// into a namespace it may not otherwise have access to — verify the authorization checks in the
	// Istio Gateway source handling before relying on this.
	AnnotSecretNamespace = "cert.gardener.cloud/secret-namespace" // #nosec G101 -- this is no credential
	// AnnotIssuer is the annotation for the issuer name.
	AnnotIssuer = "cert.gardener.cloud/issuer"
	// AnnotCommonName is the annotation for explicitly specifying the common name.
	AnnotCommonName = "cert.gardener.cloud/commonname"
	// AnnotCertDNSNames is the annotation for explicitly specifying the DNS names
	// (if not specified, the values from "dns.gardener.cloud/dnsnames" are used).
	AnnotCertDNSNames = "cert.gardener.cloud/dnsnames"
	// AnnotFollowCNAME is the annotation for allowing delegated domains for the DNS01 challenge,
	// i.e. the challenge may be satisfied in the zone a CNAME points to rather than in the
	// requested domain's own zone.
	AnnotFollowCNAME = "cert.gardener.cloud/follow-cname"
	// AnnotCertSecretLabels is the annotation for setting labels for the secret resource,
	// comma-separated format "key1=value1,key2=value2".
	AnnotCertSecretLabels = "cert.gardener.cloud/secret-labels" // #nosec G101 -- this is no credential
	// AnnotPreferredChain is the annotation for the certificate preferred chain.
	AnnotPreferredChain = "cert.gardener.cloud/preferred-chain"
	// AnnotPrivateKeyAlgorithm is the annotation key to set the PrivateKeyAlgorithm for a Certificate.
	// If PrivateKeyAlgorithm is specified and `size` is not provided,
	// key size of 256 will be used for `ECDSA` key algorithm and
	// key size of 2048 will be used for `RSA` key algorithm.
	// If unset, the `RSA` algorithm will be used.
	AnnotPrivateKeyAlgorithm = "cert.gardener.cloud/private-key-algorithm"
	// AnnotPrivateKeySize is the annotation key to set the size (in bits) of the private key for a Certificate.
	// If PrivateKeyAlgorithm is set to `RSA`, valid values are `2048`, `3072`, or `4096`,
	// and will default to `2048` if not specified.
	// If PrivateKeyAlgorithm is set to `ECDSA`, valid values are `256` or `384`,
	// and will default to `256` if not specified.
	// No other values are allowed.
	AnnotPrivateKeySize = "cert.gardener.cloud/private-key-size"
	// AnnotDNSRecordProviderType is the annotation for providing the provider type for DNS records.
	AnnotDNSRecordProviderType = "cert.gardener.cloud/dnsrecord-provider-type"
	// AnnotDNSRecordSecretRef is the annotation for providing the secret ref for DNS records.
	// NOTE(review): this names a secret presumably holding DNS provider credentials; since the
	// reference is annotation-controlled, confirm the reconciler only resolves secrets the
	// annotating principal is entitled to use.
	AnnotDNSRecordSecretRef = "cert.gardener.cloud/dnsrecord-secret-ref" // #nosec G101 -- this is no credential
	// AnnotationPurposeKey is the annotation key for the purpose.
	AnnotationPurposeKey = "cert.gardener.cloud/purpose"
	// AnnotationPurposeValueManaged is the managed value for the purpose annotation.
	AnnotationPurposeValueManaged = "managed"

	// DefaultClass is the default cert-class (taken from configv1alpha1.DefaultClass).
	DefaultClass = configv1alpha1.DefaultClass
)

Variables

This section is empty.

Functions

func CreateSpec

CreateSpec creates a CertificateSpec from a CertInput.

func EquivalentClass

func EquivalentClass(cls1, cls2 string) bool

EquivalentClass returns true if the two annotation classes are equivalent, i.e. equal once each has been normalized (see NormalizeClass).

func NormalizeClass

func NormalizeClass(class string) string

NormalizeClass returns the class name or "" if it is the default class.

Types

type CertInput

type CertInput struct {
	// SecretObjectKey is the namespace/name of the TLS secret the certificate is written to.
	SecretObjectKey     client.ObjectKey
	// Domains are the DNS names the certificate should cover
	// (presumably taken from AnnotCertDNSNames or, as fallback, AnnotDnsnames — confirm in the collectors).
	Domains             []string
	// IssuerName selects the issuer; nil presumably means the default issuer — confirm in CreateSpec.
	IssuerName          *string
	// FollowCNAME allows the DNS01 challenge to follow a CNAME into a delegated zone
	// (mirrors the AnnotFollowCNAME annotation).
	FollowCNAME         bool
	// SecretLabels are labels to set on the generated secret (mirrors AnnotCertSecretLabels).
	SecretLabels        map[string]string
	// PreferredChain is the preferred issuing chain (mirrors AnnotPreferredChain).
	PreferredChain      string
	// PrivateKeyAlgorithm is the key algorithm (`RSA` or `ECDSA`); empty presumably falls back to RSA
	// as documented on AnnotPrivateKeyAlgorithm.
	PrivateKeyAlgorithm string
	// PrivateKeySize is the key size in bits; 0 presumably selects the algorithm default
	// as documented on AnnotPrivateKeySize.
	PrivateKeySize      int
	// Annotations are additional annotations, presumably propagated to the created Certificate — confirm in CreateSpec.
	Annotations         map[string]string
}

CertInput contains basic certificate data.

type CertInputMap

// CertInputMap maps the object key (namespace and name) of a target TLS secret to the
// CertInput describing the certificate that should be stored there.
type CertInputMap map[client.ObjectKey]CertInput

CertInputMap maps the object key (namespace and name) of a target TLS secret to its CertInput.

func GetCertInputByCollector

func GetCertInputByCollector(ctx context.Context, log logr.Logger, obj client.Object, tlsDataCollector TLSDataCollector) (CertInputMap, error)

GetCertInputByCollector collects data from annotations and from the resources needed for creating certificates.

func GetCertSourceSpecForService

func GetCertSourceSpecForService(log logr.Logger, service *corev1.Service) (CertInputMap, error)

GetCertSourceSpecForService gets the certificate source spec for a Service of type LoadBalancer.

type ReconcilerBase

type ReconcilerBase struct {
	// Client is the controller-runtime client used by DoReconcile/DoDelete.
	Client   client.Client
	// Recorder is used to emit Kubernetes events for the reconciled source object.
	Recorder record.EventRecorder
	// Class is the cert class this reconciler is responsible for; presumably compared against the
	// source object's AnnotClass annotation via EquivalentClass — confirm in DoReconcile.
	Class    string
	// GVK is the group/version/kind of the source resource type handled by this reconciler.
	GVK      schema.GroupVersionKind
}

ReconcilerBase is base for source reconcilers.

func (*ReconcilerBase) DoDelete

func (r *ReconcilerBase) DoDelete(ctx context.Context, log logr.Logger, obj client.Object) (reconcile.Result, error)

DoDelete performs delete reconciliation for given object.

func (*ReconcilerBase) DoReconcile

func (r *ReconcilerBase) DoReconcile(ctx context.Context, log logr.Logger, obj client.Object, certInputMap CertInputMap) (reconcile.Result, error)

DoReconcile reconciles for given object and certInput.

type TLSData

type TLSData struct {
	// SecretNamespace is the namespace of the TLS secret. Only Istio Gateway sources set it
	// (see AnnotSecretNamespace); empty presumably means the source object's own namespace — confirm.
	SecretNamespace string
	// SecretName is the name of the TLS secret to populate.
	SecretName      string
	// Hosts are the host names the certificate stored in that secret should cover.
	Hosts           []string
}

TLSData contains the collection results for one TLS secret: its namespace (if explicitly set), its name, and the list of hosts it should cover.

type TLSDataCollector

// TLSDataCollector extracts from one source object the TLS secrets (namespace and name) and
// the hosts each should cover. GetCertInputByCollector invokes it and turns the result into a
// CertInputMap.
type TLSDataCollector func(ctx context.Context, obj client.Object) ([]*TLSData, error)

TLSDataCollector collects, for a given source object, the TLS secrets (namespace and name) and the hosts each should cover.
