controller

package
v1.7.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2021 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// KeyFunc creates a key for an API object. The key can be passed to a
	// worker function that processes an object from a queue such as
	// ProcessItem.
	KeyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc
)

Functions

func BuildAnnotationsToCopy added in v1.5.1 

func BuildAnnotationsToCopy(allAnnotations map[string]string, prefixes []string) map[string]string

BuildAnnotationsCopy takes a map of annotations and a list of prefix filters and builds a filtered map of annotations. It is used to filter annotations to be copied from Certificate to CertificateRequest and from CertificateSigningRequest to Order.

func DefaultItemBasedRateLimiter added in v0.6.0 

func DefaultItemBasedRateLimiter() workqueue.RateLimiter

DefaultItemBasedRateLimiter returns a new rate limiter with base delay of 5 seconds, max delay of 5 minutes.

func HandleOwnedResourceNamespacedFunc added in v0.9.0 

func HandleOwnedResourceNamespacedFunc(log logr.Logger, queue workqueue.RateLimitingInterface, ownerGVK schema.GroupVersionKind, get func(namespace, name string) (interface{}, error)) func(obj interface{})

HandleOwnedResourceNamespacedFunc returns a function thataccepts a Kubernetes object and adds its owner references to the workqueue. https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/#owners-and-dependents

func Known 

func Known() map[string]Constructor

Known returns a map of the registered controller Constructors

func Register 

func Register(name string, fn Constructor)

Register registers a controller constructor with the controller package

Types

type ACMEOptions 

type ACMEOptions struct {
	// ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01
	// challenges
	HTTP01SolverImage string

	// HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
	HTTP01SolverResourceRequestCPU resource.Quantity

	// HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
	HTTP01SolverResourceRequestMemory resource.Quantity

	// HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
	HTTP01SolverResourceLimitsCPU resource.Quantity

	// HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
	HTTP01SolverResourceLimitsMemory resource.Quantity

	// DNS01CheckAuthoritative is a flag for controlling if auth nss are used
	// for checking propagation of an RR. This is the ideal scenario
	DNS01CheckAuthoritative bool

	// DNS01Nameservers is a list of nameservers to use when performing self-checks
	// for ACME DNS01 validations.
	DNS01Nameservers []string

	// AccountRegistry is used as a cache of ACME accounts between various
	// components of cert-manager
	AccountRegistry accounts.Registry

	// DNS01CheckRetryPeriod is the time the controller should wait between checking if a ACME dns entry exists.
	DNS01CheckRetryPeriod time.Duration
}

type BlockingEventHandler 

type BlockingEventHandler struct {
	WorkFunc func(obj interface{})
}

BlockingEventHandler is an implementation of cache.ResourceEventHandler that simply synchronously calls it's WorkFunc upon calls to OnAdd, OnUpdate or OnDelete.

func (*BlockingEventHandler) Enqueue 

func (b *BlockingEventHandler) Enqueue(obj interface{})

Enqueue synchronously adds a key for an object to the workqueue.

func (*BlockingEventHandler) OnAdd 

func (b *BlockingEventHandler) OnAdd(obj interface{})

OnAdd synchronously adds a newly created object to the workqueue.

func (*BlockingEventHandler) OnDelete 

func (b *BlockingEventHandler) OnDelete(obj interface{})

OnDelete synchronously adds a deleted object to the workqueue.

func (*BlockingEventHandler) OnUpdate 

func (b *BlockingEventHandler) OnUpdate(old, new interface{})

OnUpdate synchronously adds an updated object to the workqueue.

type Builder added in v0.10.0 

type Builder struct {
	// contains filtered or unexported fields
}

Builder is used to build controllers that implement the queuingController interface

func NewBuilder added in v0.10.0 

func NewBuilder(controllerctx *Context, name string) *Builder

New creates a basic Builder, setting the sync call to the one given

func (*Builder) Complete added in v0.10.0 

func (b *Builder) Complete() (Interface, error)

func (*Builder) First added in v0.14.0 

func (b *Builder) First(function func(context.Context)) *Builder

First will register a function that will be called once, after the controller has been initialised. They are queued, run sequentially, and block "With" runDurationFuncs from running until all are complete.

func (*Builder) For added in v0.10.0 

func (b *Builder) For(ctrl queueingController) *Builder

func (*Builder) With added in v0.10.0 

func (b *Builder) With(function func(context.Context), duration time.Duration) *Builder

With will register an additional function that should be called every 'duration' alongside the controller. This is useful if a controller needs to periodically run a scheduled task.

type CertificateOptions added in v0.6.0 

type CertificateOptions struct {
	// EnableOwnerRef controls whether the certificate is configured as an owner of
	// secret where the effective TLS certificate is stored.
	EnableOwnerRef bool
	// CopiedAnnotationPrefixes defines which annotations should be copied
	// Certificate -> CertificateRequest, CertificateRequest -> Order.
	CopiedAnnotationPrefixes []string
}

type Constructor 

type Constructor func(ctx *Context) (Interface, error)

Constructor is a function that creates a new control loop given a controller Context.

type Context 

type Context struct {
	// RootContext is the root context for the controller
	RootContext context.Context

	// StopCh is a channel that will be closed when the controller is signalled
	// to exit
	StopCh <-chan struct{}
	// RESTConfig is the loaded Kubernetes apiserver rest client configuration
	RESTConfig *rest.Config
	// Client is a Kubernetes clientset
	Client kubernetes.Interface
	// CMClient is a cert-manager clientset
	CMClient clientset.Interface
	// GWClient is a GatewayAPI clientset.
	GWClient gwclient.Interface
	// DiscoveryClient is a discovery interface. Usually set to Client.Discovery unless a fake client is in use.
	DiscoveryClient discovery.DiscoveryInterface

	// Recorder to record events to
	Recorder record.EventRecorder

	// KubeSharedInformerFactory can be used to obtain shared
	// SharedIndexInformer instances for Kubernetes types
	KubeSharedInformerFactory kubeinformers.SharedInformerFactory
	// SharedInformerFactory can be used to obtain shared SharedIndexInformer
	// instances
	SharedInformerFactory informers.SharedInformerFactory

	// The Gateway API is an external CRD, which means its shared informers are
	// not available in controllerpkg.Context.
	GWShared             gwinformers.SharedInformerFactory
	GatewaySolverEnabled bool

	// Namespace is the namespace to operate within.
	// If unset, operates on all namespaces
	Namespace string

	// Clock should be used to access the current time instead of relying on
	// time.Now, to make it easier to test controllers that utilise time
	Clock clock.Clock

	// Metrics is used for exposing Prometheus metrics across the controllers
	Metrics *metrics.Metrics

	IssuerOptions
	ACMEOptions
	IngressShimOptions
	CertificateOptions
	SchedulerOptions
}

Context contains various types that are used by controller implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that controllers can choose themselves which listers are required.

type IngressShimOptions 

type IngressShimOptions struct {
	DefaultIssuerName                 string
	DefaultIssuerKind                 string
	DefaultIssuerGroup                string
	DefaultAutoCertificateAnnotations []string
}

IngressShimOptions contain default Issuer GVK config for the certificate-shim controllers. These are set from the cmd cli flags, allowing the controllers to support legacy annotations such as `kubernetes.io/tls-acme`.

type Interface 

type Interface interface {
	// Run will start a controller. 'workers' should be the  number of
	// independent goroutines for this controller in question that are to be
	// run, and the workers should shut down upon a signal on stopCh.
	// This method should block until all workers have exited cleanly, thus
	// allowing for graceful shutdown of control loops.
	Run(workers int, stopCh <-chan struct{}) error
}

Interface represents a controller that can be run.

func NewController added in v0.15.0 

func NewController(
	ctx context.Context,
	name string,
	metrics *metrics.Metrics,
	syncFunc func(ctx context.Context, key string) error,
	mustSync []cache.InformerSynced,
	runDurationFuncs []runDurationFunc,
	queue workqueue.RateLimitingInterface,
) Interface

type IssuerOptions 

type IssuerOptions struct {
	// ClusterResourceNamespace is the namespace to store resources created by
	// non-namespaced resources (e.g. ClusterIssuer) in.
	ClusterResourceNamespace string

	// ClusterIssuerAmbientCredentials controls whether a cluster issuer should
	// pick up ambient credentials, such as those from metadata services, to
	// construct clients.
	ClusterIssuerAmbientCredentials bool

	// IssuerAmbientCredentials controls whether an issuer should pick up ambient
	// credentials, such as those from metadata services, to construct clients.
	IssuerAmbientCredentials bool
}

func (IssuerOptions) CanUseAmbientCredentials 

func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool

CanUseAmbientCredentials returns whether `iss` will attempt to configure itself from ambient credentials (e.g. from a cloud metadata service).

func (IssuerOptions) ResourceNamespace 

func (o IssuerOptions) ResourceNamespace(iss cmapi.GenericIssuer) string

ResourceNamespace returns the Kubernetes namespace where resources created or read by `iss` are located.

type QueuingEventHandler 

type QueuingEventHandler struct {
	Queue workqueue.RateLimitingInterface
}

QueuingEventHandler is an implementation of cache.ResourceEventHandler that simply queues objects that are added/updated/deleted.

func (*QueuingEventHandler) Enqueue 

func (q *QueuingEventHandler) Enqueue(obj interface{})

Enqueue adds a key for an object to the workqueue.

func (*QueuingEventHandler) OnAdd 

func (q *QueuingEventHandler) OnAdd(obj interface{})

OnAdd adds a newly created object to the workqueue.

func (*QueuingEventHandler) OnDelete 

func (q *QueuingEventHandler) OnDelete(obj interface{})

OnDelete adds a deleted object to the workqueue for processing.

func (*QueuingEventHandler) OnUpdate 

func (q *QueuingEventHandler) OnUpdate(old, new interface{})

OnUpdate adds an updated object to the workqueue.

type SchedulerOptions added in v0.8.0 

type SchedulerOptions struct {
	// MaxConcurrentChallenges determines the maximum number of challenges that can be
	// scheduled as 'processing' at once.
	MaxConcurrentChallenges int
}

Source Files

View all Source files

Directories

Path Synopsis
scheduler
selectors
gateways
ingresses
acme
approver
ca
fake
selfsigned
util
vault
venafi
internal/secretsmanager
internal/test
issuing
keymanager
metrics
readiness
requestmanager
revisionmanager
trigger
trigger/policies
Package policies provides functionality to evaluate Certificate's state
 Package policies provides functionality to evaluate Certificate's state
acme
ca
fake
selfsigned
util
vault
venafi
Package test contains testing utilities used for constructing fake Contexts which can be used during tests.
 Package test contains testing utilities used for constructing fake Contexts which can be used during tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.