Documentation
¶
Index ¶
Constants ¶
View Source
const APISvcName = "v1beta1.webhook.certmanager.k8s.io"
APISvcName is the name used for cert-manager-webhooks' apiservice definition
View Source
const AcmeSolverImageEnvVar = "ICP_CERT_MANAGER_ACMESOLVER_IMAGE"
AcmeSolverImageEnvVar is the env variable name defined in operator container for acme-solver Image. Check operator.yaml
View Source
const AcmesolverImageName = "icp-cert-manager-acmesolver"
AcmesolverImageName is the image name of the cert-manager-acmesolver
View Source
const CaInjectorImageEnvVar = "ICP_CERT_MANAGER_CAINJECTOR_IMAGE"
CaInjectorImageEnvVar is the env variable name defined in operator container for cainjector Image. Check operator.yaml
View Source
const CainjectorImageName = "icp-cert-manager-cainjector"
CainjectorImageName is the image name of the cert-manager-cainjector
View Source
const CainjectorLabels = "app=ibm-cert-manager-cainjector"
CainjectorLabels is a string of the cert-manager-cainjector's labels
View Source
const CertManagerAcmeSolverName = "cert-manager-acmesolver"
CertManagerAcmeSolverName is the name of the container/pod/deployment for cert-manager-acmesolver
View Source
const CertManagerCainjectorName = "cert-manager-cainjector"
CertManagerCainjectorName is the name of the container/pod/deployment for cert-manager-cainjector
View Source
const CertManagerConfigCR = `` /* 995-byte string literal not displayed */
View Source
const CertManagerControllerName = "cert-manager-controller"
CertManagerControllerName is the name of the container/pod/deployment for cert-manager-controller
View Source
const CertManagerWebhookName = "cert-manager-webhook"
CertManagerWebhookName is the name of the container/pod/deployment for cert-manager-webhook
View Source
const ClusterRoleName = "cert-manager"
ClusterRoleName is the default name of the clusterrole and clusterrolebinding used by the cert-manager services
View Source
const ConfigmapWatcherName = "configmap-watcher"
ConfigmapWatcherName is the name of the container/pod/deployment for the configmap-watcher
View Source
const ControllerImageEnvVar = "ICP_CERT_MANAGER_CONTROLLER_IMAGE"
ControllerImageEnvVar is the env variable name defined in operator container for Controller Image. Check operator.yaml
View Source
const ControllerImageName = "icp-cert-manager-controller"
ControllerImageName is the image name of the cert-manager-controller
View Source
const ControllerImageVersion = "0.12.0"
ControllerImageVersion is the default image version used for the cert-manager-controller
View Source
const ControllerLabels = "app=ibm-cert-manager-controller"
ControllerLabels is a string of the cert-manager-controller's labels
View Source
const DefaultImagePostfix = ""
DefaultImagePostfix is set to empty. It indicates any platform suffix that you can append to an image tag
View Source
const DefaultNamespace = "ibm-cert-manager"
DefaultNamespace is the namespace the cert-manager services will be deployed in if the operator is deployed in all namespaces or locally
View Source
const ImageRegistry = "icr.io/cpopen/cpfs"
ImageRegistry is the default image registry for the operand deployments
View Source
const SecretWatchLabel string = "operator.ibm.com/watched-by-cert-manager"
SecretWatchLabel is a string of secrets that watched by cert manager operator labels
View Source
const ServiceAccount = "cert-manager"
ServiceAccount is the name of the default service account to be used by cert-manager services
View Source
const WebhookImageEnvVar = "ICP_CERT_MANAGER_WEBHOOK_IMAGE"
WebhookImageEnvVar is the env variable name defined in operator container for Webhook Image. Check operator.yaml
View Source
const WebhookImageName = "icp-cert-manager-webhook"
WebhookImageName is the image name of the cert-manager-webhook
View Source
const WebhookImageVersion = "0.12.0"
WebhookImageVersion is the default image version used for the cert-manager-webhook
View Source
const WebhookLabels = "app=ibm-cert-manager-webhook"
WebhookLabels is a string of the cert-manager-webhook's labels
View Source
const WebhookServingSecret = "cert-manager-webhook-ca"
WebhookServingSecret is the name of tls secret used for serving the cert-manager-webhook
Variables ¶
View Source
var APIService = &apiRegv1.APIService{ ObjectMeta: metav1.ObjectMeta{ Name: APISvcName, Labels: map[string]string{ "app": "ibm-cert-manager-webhook", }, Annotations: map[string]string{}, }, Spec: apiRegv1.APIServiceSpec{ Group: "webhook.certmanager.k8s.io", GroupPriorityMinimum: 1000, VersionPriority: 15, Service: &apiRegv1.ServiceReference{ Name: CertManagerWebhookName, }, Version: "v1beta1", }, }
APIService is the apiservice for cert-manager-webhook
View Source
var AcmeSolverArg = "--acme-http01-solver-image=" + acmesolverImage
AcmeSolverArg is the acme solver image to use for the cert-manager-controller
View Source
var CAInjectorClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-cainjector", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, { Verbs: []string{"get", "create", "update", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, { Verbs: []string{"get", "list", "watch", "update"}, APIGroups: []string{"admissionregistration.k8s.io"}, Resources: []string{"validatingwebhookconfigurations", "mutatingwebhookconfigurations"}, }, { Verbs: []string{"get", "list", "watch", "update"}, APIGroups: []string{"apiregistration.k8s.io"}, Resources: []string{"apiservices"}, }, { Verbs: []string{"get", "list", "watch", "update"}, APIGroups: []string{"apiextensions.k8s.io"}, Resources: []string{"customresourcedefinitions"}, }, { Verbs: []string{"get", "list", "watch", "update"}, APIGroups: []string{"auditregistration.k8s.io"}, Resources: []string{"auditsinks"}, }, }, }
View Source
var CAInjectorClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-cainjector", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-cainjector", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-cainjector", }, }
View Source
var CAInjectorRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-cainjector:leaderelection", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"get", "update", "patch"}, APIGroups: []string{""}, Resources: []string{"configmaps"}, ResourceNames: []string{"cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"}, }, { Verbs: []string{"create"}, APIGroups: []string{""}, Resources: []string{"configmaps"}, }, { Verbs: []string{"get", "update", "patch"}, APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, ResourceNames: []string{"cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"}, }, { Verbs: []string{"create"}, APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, }, }, }
View Source
var CAInjectorRoleBinding = &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-cainjector:leaderelection", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-cainjector", Namespace: DeployNamespace, }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", Name: "ibm-cert-manager-cainjector:leaderelection", }, }
View Source
var CAInjectorServiceAccount = &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-cainjector", }, }
View Source
var CainjectorDeployment = &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: CertManagerCainjectorName, Labels: CainjectorLabelMap, }, Spec: appsv1.DeploymentSpec{ Replicas: &replicaCount, Selector: &metav1.LabelSelector{ MatchLabels: OriginalCainjectorLabelMap, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: CainjectorLabelMap, Annotations: PodAnnotations, }, Spec: certManagerCainjectorPod, }, }, }
CainjectorDeployment is the deployment template for deploying the cert-manager-cainjector
View Source
var CainjectorLabelMap = map[string]string{}
View Source
var ClusterRoleBindingsToCreate = &rbacv1.ClusterRoleBindingList{ Items: []rbacv1.ClusterRoleBinding{*ControllerApproveClusterRoleBinding, *ControllerCertificateSigningRequestsClusterRoleBinding, *ControllerIssuersClusterRoleBinding, *ControllerClusterIssuersClusterRoleBinding, *ControllerCertificatesClusterRoleBinding, *ControllerOrdersClusterRoleBinding, *ControllerChallengesClusterRoleBinding, *ControllerIngressShimClusterRoleBinding, *CAInjectorClusterRoleBinding, *WebhookClusterRoleBinding}, }
View Source
var ClusterRolesToCreate = &rbacv1.ClusterRoleList{ Items: []rbacv1.ClusterRole{*ControllerViewClusterRole, *ControllerEditClusterRole, *ControllerApproveClusterRole, *ControllerCertificateSigningRequestsClusterRole, *ControllerIssuersClusterRole, *ControllerClusterIssuersClusterRole, *ControllerCertificatesClusterRole, *ControllerOrdersClusterRole, *ControllerChallengesClusterRole, *ControllerIngressShimClusterRole, *CAInjectorClusterRole, *WebhookClusterRole}, }
View Source
var ConfigWatchServiceAccount = &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-manager", }, }
View Source
var ControllerApproveClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-approve:cert-manager-io", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"approve"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"signers"}, ResourceNames: []string{"issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"}, }, }, }
View Source
var ControllerApproveClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-approve:cert-manager-io", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-approve:cert-manager-io", }, }
View Source
var ControllerCertificateSigningRequestsClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-certificatesigningrequests", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"get", "list", "watch", "update"}, APIGroups: []string{"certificates.k8s.io"}, Resources: []string{"certificatesigningrequests"}, }, { Verbs: []string{"update"}, APIGroups: []string{"certificates.k8s.io"}, Resources: []string{"certificatesigningrequests/status"}, }, { Verbs: []string{"sign"}, APIGroups: []string{"certificates.k8s.io"}, Resources: []string{"signers"}, ResourceNames: []string{"issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"}, }, { Verbs: []string{"create"}, APIGroups: []string{"authorization.k8s.io"}, Resources: []string{"subjectaccessreviews"}, }, }, }
View Source
var ControllerCertificateSigningRequestsClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-certificatesigningrequests", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-certificatesigningrequests", }, }
View Source
var ControllerCertificatesClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-certificates", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"update"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates", "certificates/status", "certificaterequests", "certificaterequests/status"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates", "certificaterequests", "clusterissuers", "issuers"}, }, { Verbs: []string{"update"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates/finalizers", "certificaterequests/finalizers"}, }, { Verbs: []string{"create", "delete", "get", "list", "watch"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"orders"}, }, { Verbs: []string{"get", "list", "watch", "create", "update", "delete", "patch"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, { Verbs: []string{"create", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, }, }
View Source
var ControllerCertificatesClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-certificates", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-certificates", }, }
View Source
var ControllerChallengesClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-challenges", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"update"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"challenges", "challenges/status"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"challenges"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"clusterissuers", "issuers"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, { Verbs: []string{"create", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, { Verbs: []string{"get", "list", "watch", "create", "delete"}, APIGroups: []string{""}, Resources: []string{"pods", "services"}, }, { Verbs: []string{"get", "list", "watch", "create", "delete", "update"}, APIGroups: []string{"networking.k8s.io"}, Resources: []string{"ingresses"}, }, { Verbs: []string{"get", "list", "watch", "create", "delete", "update"}, APIGroups: []string{"networking.x-k8s.io"}, Resources: []string{"httproutes"}, }, { Verbs: []string{"create"}, APIGroups: []string{"route.openshift.io"}, Resources: []string{"routes/custom-host"}, }, { Verbs: []string{"update"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"challenges/finalizers"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, }, }
View Source
var ControllerChallengesClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-challenges", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-challenges", }, }
View Source
var ControllerClusterIssuersClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-clusterissuers", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"update"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"clusterissuers", "clusterissuers/status"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"clusterissuers"}, }, { Verbs: []string{"get", "list", "watch", "create", "update", "delete"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, { Verbs: []string{"create", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, }, }
View Source
var ControllerClusterIssuersClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-clusterissuers", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-clusterissuers", }, }
View Source
var ControllerDeployment = &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: CertManagerControllerName, Labels: ControllerLabelMap, }, Spec: appsv1.DeploymentSpec{ Replicas: &replicaCount, Selector: &metav1.LabelSelector{ MatchLabels: OriginalControllerLabelMap, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: ControllerLabelMap, Annotations: PodAnnotations, }, Spec: certManagerControllerPod, }, }, }
ControllerDeployment is the deployment template for deploying the cert-manager-controller
View Source
var ControllerEditClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-edit", Labels: map[string]string{ "rbac.authorization.k8s.io/aggregate-to-edit": "true", "rbac.authorization.k8s.io/aggregate-to-admin": "true", }, }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"create", "delete", "deletecollection", "patch", "update"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates", "certificaterequests", "issuers"}, }, { Verbs: []string{"create", "delete", "deletecollection", "patch", "update"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"challenges", "orders"}, }, }, }
View Source
var ControllerIngressShimClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-ingress-shim", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"create", "update", "delete"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates", "certificaterequests"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates", "certificaterequests", "issuers", "clusterissuers"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"networking.k8s.io"}, Resources: []string{"ingresses"}, }, { Verbs: []string{"update"}, APIGroups: []string{"networking.k8s.io"}, Resources: []string{"ingresses/finalizers"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"networking.x-k8s.io"}, Resources: []string{"gateways", "httproutes"}, }, { Verbs: []string{"update"}, APIGroups: []string{"networking.x-k8s.io"}, Resources: []string{"gateways/finalizers", "httproutes/finalizers"}, }, { Verbs: []string{"create", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, }, }
View Source
var ControllerIngressShimClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-ingress-shim", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-ingress-shim", }, }
View Source
var ControllerIssuersClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-issuers", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"update"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"issuers", "issuers/status"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"issuers"}, }, { Verbs: []string{"get", "list", "watch", "create", "update", "delete"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, { Verbs: []string{"create", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, }, }
View Source
var ControllerIssuersClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-issuers", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-issuers", }, }
View Source
var ControllerLabelMap = map[string]string{}
View Source
var ControllerOrdersClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-orders", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"update"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"orders", "orders/status"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"orders", "challenges"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"clusterissuers", "issuers"}, }, { Verbs: []string{"create", "delete"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"challenges"}, }, { Verbs: []string{"update"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"orders/finalizers"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, { Verbs: []string{"create", "patch"}, APIGroups: []string{""}, Resources: []string{"events"}, }, }, }
View Source
var ControllerOrdersClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-orders", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-controller-orders", }, }
View Source
var ControllerRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller:leaderelection", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"get", "update", "patch"}, APIGroups: []string{""}, Resources: []string{"configmaps"}, ResourceNames: []string{"cert-manager-controller"}, }, { Verbs: []string{"create"}, APIGroups: []string{""}, Resources: []string{"configmaps"}, }, { Verbs: []string{"get", "update", "patch"}, APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, ResourceNames: []string{"cert-manager-controller"}, }, { Verbs: []string{"create"}, APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, }, }, }
View Source
var ControllerRoleBinding = &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller:leaderelection", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-controller", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", Name: "ibm-cert-manager-controller:leaderelection", }, }
View Source
var ControllerServiceAccount = &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller", }, }
View Source
var ControllerViewClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-controller-view", Labels: map[string]string{ "rbac.authorization.k8s.io/aggregate-to-view": "true", "rbac.authorization.k8s.io/aggregate-to-edit": "true", "rbac.authorization.k8s.io/aggregate-to-admin": "true", }, }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"cert-manager.io"}, Resources: []string{"certificates", "certificaterequests", "issuers"}, }, { Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"acme.cert-manager.io"}, Resources: []string{"challenges", "orders"}, }, }, }
View Source
var DefaultArgs = []string{}
DefaultArgs are the default arguments use for cert-manager-controller
View Source
var DeployNamespace = GetDeployNamespace()
DeployNamespace is the namespace the cert-manager services will be deployed in
View Source
var FalseVar = false
FalseVar the variable representing the boolean value false
View Source
var MutatingWebhook = &admRegv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Name: CertManagerWebhookName, Labels: WebhookLabelMap, Annotations: map[string]string{ "cert-manager.io/inject-ca-from-secret": DeployNamespace + "/" + WebhookServingSecret, }, }, Webhooks: []admRegv1.MutatingWebhook{ { Name: "webhook.cert-manager.io", ClientConfig: admRegv1.WebhookClientConfig{ Service: &admRegv1.ServiceReference{ Namespace: DeployNamespace, Name: CertManagerWebhookName, Path: &mutationPath, }, }, Rules: []admRegv1.RuleWithOperations{ { Operations: []admRegv1.OperationType{ admRegv1.Create, admRegv1.Update, }, Rule: admRegv1.Rule{ APIGroups: []string{ "cert-manager.io", "acme.cert-manager.io", }, APIVersions: []string{ "v1", }, Resources: []string{ "*/*", }, }, }, }, FailurePolicy: &failPolicy, SideEffects: &sideEffect, AdmissionReviewVersions: []string{"v1"}, TimeoutSeconds: &timeoutSecondsWebhook, }, }, }
MutatingWebhook is the mutating webhook definition for cert-manager-webhook
View Source
var OriginalCainjectorLabelMap = map[string]string{
"app": "ibm-cert-manager-cainjector",
"app.kubernetes.io/name": "ibm-cert-manager-cainjector",
"app.kubernetes.io/component": certManagerComponentName,
"app.kubernetes.io/managed-by": "operator",
"app.kubernetes.io/instance": certManagerComponentName,
"release": certManagerComponentName,
}
CainjectorLabelMap is a map of all the labels used by the cert-manager-cainjector
View Source
var OriginalControllerLabelMap = map[string]string{
"app": "ibm-cert-manager-controller",
"app.kubernetes.io/name": "ibm-cert-manager-controller",
"app.kubernetes.io/component": certManagerComponentName,
"app.kubernetes.io/managed-by": "operator",
"app.kubernetes.io/instance": certManagerComponentName,
"release": certManagerComponentName,
}
ControllerLabelMap is a map of all the labels used by cert-manager-controller
View Source
var OriginalWebhookLabelMap = map[string]string{
"app": "ibm-cert-manager-webhook",
"app.kubernetes.io/name": "ibm-cert-manager-webhook",
"app.kubernetes.io/component": certManagerComponentName,
"app.kubernetes.io/managed-by": "operator",
"app.kubernetes.io/instance": certManagerComponentName,
"release": certManagerComponentName,
}
WebhookLabelMap is a map of all the labels used by the cert-manager-webhook
View Source
var PodAnnotations = map[string]string{"openshift.io/scc": "restricted", "productName": "IBM Cloud Platform Common Services", "productID": "068a62892a1e4db39641342e592daa25", "productMetric": "FREE"}
PodAnnotations are the annotations required for a pod
View Source
var PodNamespace = os.Getenv("POD_NAMESPACE")
PodNamespace is the namespace the the operator is getting deployed (set in an env var)
View Source
var ResourceNS = "--cluster-resource-namespace=" + DeployNamespace
ResourceNS is the resource namespace arg for cert-manager-controller
View Source
var RoleBindingsToCreate = &rbacv1.RoleBindingList{ Items: []rbacv1.RoleBinding{*ControllerRoleBinding, *CAInjectorRoleBinding, *WebhookRoleBinding}, }
View Source
var RolesToCreate = &rbacv1.RoleList{ Items: []rbacv1.Role{*ControllerRole, *CAInjectorRole, *WebhookRole}, }
View Source
var ServiceAccountsToCreate = &corev1.ServiceAccountList{ Items: []corev1.ServiceAccount{*ControllerServiceAccount, *CAInjectorServiceAccount, *WebhookServiceAccount, *ConfigWatchServiceAccount}, }
View Source
var TrueVar = true
TrueVar the variable representing the boolean value true
View Source
var ValidatingWebhook = &admRegv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Name: CertManagerWebhookName, Labels: WebhookLabelMap, Annotations: map[string]string{ "cert-manager.io/inject-ca-from-secret": DeployNamespace + "/" + WebhookServingSecret, }, }, Webhooks: []admRegv1.ValidatingWebhook{ { Name: "webhook.cert-manager.io", Rules: []admRegv1.RuleWithOperations{ { Operations: []admRegv1.OperationType{ admRegv1.Create, admRegv1.Update, }, Rule: admRegv1.Rule{ APIGroups: []string{ "cert-manager.io", "acme.cert-manager.io", }, APIVersions: []string{ "v1", }, Resources: []string{ "*/*", }, }, }, }, AdmissionReviewVersions: []string{"v1"}, ClientConfig: admRegv1.WebhookClientConfig{ Service: &admRegv1.ServiceReference{ Namespace: DeployNamespace, Name: CertManagerWebhookName, Path: &valPath, }, }, FailurePolicy: &failPolicy, SideEffects: &sideEffect, NamespaceSelector: &metav1.LabelSelector{ MatchExpressions: []metav1.LabelSelectorRequirement{ { Key: "cert-manager.io/disable-validation", Operator: metav1.LabelSelectorOpNotIn, Values: []string{"true"}, }, { Key: "name", Operator: metav1.LabelSelectorOpNotIn, Values: []string{DeployNamespace}, }, }, }, TimeoutSeconds: &timeoutSecondsWebhook, }, }, }
ValidatingWebhook is the validating webhook definition for cert-manager-webhook
View Source
var WebhookClusterRole = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-webhook:subjectaccessreviews", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"create"}, APIGroups: []string{"authorization.k8s.io"}, Resources: []string{"subjectaccessreviews"}, }, }, }
View Source
var WebhookClusterRoleBinding = &rbacv1.ClusterRoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-webhook:subjectaccessreviews", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", Name: "ibm-cert-manager-webhook", }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "ClusterRole", Name: "ibm-cert-manager-webhook:subjectaccessreviews", }, }
View Source
var WebhookDeployment = &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: CertManagerWebhookName, Labels: WebhookLabelMap, }, Spec: appsv1.DeploymentSpec{ Replicas: &replicaCount, Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": "ibm-cert-manager-webhook", }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: WebhookLabelMap, Annotations: securityAnnotationWebhook, }, Spec: certManagerWebhookPod, }, }, }
WebhookDeployment is the deployment template for deploying the cert-manager-webhook
View Source
var WebhookLabelMap = map[string]string{}
View Source
var WebhookRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-webhook:dynamic-serving", }, Rules: []rbacv1.PolicyRule{ { Verbs: []string{"get", "list", "watch", "update"}, APIGroups: []string{""}, Resources: []string{"secrets"}, ResourceNames: []string{"cert-manager-webhook-ca"}, }, { Verbs: []string{"create", "list"}, APIGroups: []string{""}, Resources: []string{"secrets"}, }, }, }
View Source
var WebhookRoleBinding = &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-webhook:dynamic-serving", }, Subjects: []rbacv1.Subject{ { Kind: "ServiceAccount", APIGroup: "", Name: "ibm-cert-manager-webhook", Namespace: DeployNamespace, }, }, RoleRef: rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", Name: "ibm-cert-manager-webhook:dynamic-serving", }, }
View Source
var WebhookServiceAccount = &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: "ibm-cert-manager-webhook", }, }
View Source
var WebhookSvc = &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Name: CertManagerWebhookName, Namespace: DeployNamespace, Labels: map[string]string{ "app": "ibm-cert-manager-webhook", }, }, Spec: corev1.ServiceSpec{ Ports: []corev1.ServicePort{ { Name: "https", Port: 443, Protocol: "TCP", TargetPort: intstr.IntOrString{ IntVal: 10250, }, }, }, Selector: map[string]string{ "app": "ibm-cert-manager-webhook", }, Type: corev1.ServiceTypeClusterIP, }, }
WebhookSvc is the service definition for cert-manager-webhook
Functions ¶
func GetDeployNamespace ¶
func GetDeployNamespace() string
GetDeployNamespace returns the namespace cert manager operator is deployed in
func GetImageID ¶
func GetImageID(imageRegistry, imageName, defaultImageVersion, imagePostfix, envVarName string) string
GetImageID constructs image IDs for operands: either <IMAGE_NAME>:<IMAGE_TAG> or <IMAGE_NAME>@<IMAGE_SHA>
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.