Back to godoc.org

Package controller

v1.0.1
Latest Go to latest

The highest tagged major version is .

Published: Sep 4, 2020 | License: Apache-2.0 | Module: github.com/jetstack/cert-manager

Index

Variables

var (
	KeyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc
)

func DefaultItemBasedRateLimiter

func DefaultItemBasedRateLimiter() workqueue.RateLimiter

func HandleOwnedResourceNamespacedFunc

func HandleOwnedResourceNamespacedFunc(log logr.Logger, queue workqueue.RateLimitingInterface, ownerGVK schema.GroupVersionKind, get func(namespace, name string) (interface{}, error)) func(obj interface{})

func Known

func Known() map[string]Constructor

Known returns a map of the registered controller Constructors

func Register

func Register(name string, fn Constructor)

Register registers a controller constructor with the controller package

type ACMEOptions

type ACMEOptions struct {
	// ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01
	// challenges
	HTTP01SolverImage string

	// HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
	HTTP01SolverResourceRequestCPU resource.Quantity

	// HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
	HTTP01SolverResourceRequestMemory resource.Quantity

	// HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
	HTTP01SolverResourceLimitsCPU resource.Quantity

	// HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
	HTTP01SolverResourceLimitsMemory resource.Quantity

	// DNS01CheckAuthoritative is a flag for controlling if auth nss are used
	// for checking propagation of an RR. This is the ideal scenario
	DNS01CheckAuthoritative bool

	// DNS01Nameservers is a list of nameservers to use when performing self-checks
	// for ACME DNS01 validations.
	DNS01Nameservers []string

	// AccountRegistry is used as a cache of ACME accounts between various
	// components of cert-manager
	AccountRegistry accounts.Registry
}

type BlockingEventHandler

type BlockingEventHandler struct {
	WorkFunc func(obj interface{})
}

BlockingEventHandler is an implementation of cache.ResourceEventHandler that simply synchronously calls it's WorkFunc upon calls to OnAdd, OnUpdate or OnDelete.

func (*BlockingEventHandler) Enqueue

func (b *BlockingEventHandler) Enqueue(obj interface{})

func (*BlockingEventHandler) OnAdd

func (b *BlockingEventHandler) OnAdd(obj interface{})

func (*BlockingEventHandler) OnDelete

func (b *BlockingEventHandler) OnDelete(obj interface{})

func (*BlockingEventHandler) OnUpdate

func (b *BlockingEventHandler) OnUpdate(old, new interface{})

type Builder

type Builder struct {
	// contains filtered or unexported fields
}

Builder is used to build controllers that implement the queuingController interface

func NewBuilder

func NewBuilder(controllerctx *Context, name string) *Builder

New creates a basic Builder, setting the sync call to the one given

func (*Builder) Complete

func (b *Builder) Complete() (Interface, error)

func (*Builder) First

func (b *Builder) First(function func(context.Context)) *Builder

First will register a function that will be called once, after the controller has been initialised. They are queued, run sequentially, and block "With" runDurationFuncs from running until all are complete.

func (*Builder) For

func (b *Builder) For(ctrl queueingController) *Builder

func (*Builder) With

func (b *Builder) With(function func(context.Context), duration time.Duration) *Builder

With will register an additional function that should be called every 'duration' alongside the controller. This is useful if a controller needs to periodically run a scheduled task.

type CertificateOptions

type CertificateOptions struct {
	// EnableOwnerRef controls whether the certificate is configured as an owner of
	// secret where the effective TLS certificate is stored.
	EnableOwnerRef bool
}

type Constructor

type Constructor func(ctx *Context) (Interface, error)

Constructor is a function that creates a new control loop given a controller Context.

type Context

type Context struct {
	// RootContext is the root context for the controller
	RootContext context.Context

	// StopCh is a channel that will be closed when the controller is signalled
	// to exit
	StopCh <-chan struct{}
	// RESTConfig is the loaded Kubernetes apiserver rest client configuration
	RESTConfig *rest.Config
	// Client is a Kubernetes clientset
	Client kubernetes.Interface
	// CMClient is a cert-manager clientset
	CMClient clientset.Interface
	// Recorder to record events to
	Recorder record.EventRecorder

	// KubeSharedInformerFactory can be used to obtain shared
	// SharedIndexInformer instances for Kubernetes types
	KubeSharedInformerFactory kubeinformers.SharedInformerFactory
	// SharedInformerFactory can be used to obtain shared SharedIndexInformer
	// instances
	SharedInformerFactory informers.SharedInformerFactory

	// Namespace is the namespace to operate within.
	// If unset, operates on all namespaces
	Namespace string

	// Clock should be used to access the current time instead of relying on
	// time.Now, to make it easier to test controllers that utilise time
	Clock clock.Clock

	// Metrics is used for exposing Prometheus metrics across the controllers
	Metrics *metrics.Metrics

	IssuerOptions
	ACMEOptions
	IngressShimOptions
	CertificateOptions
	SchedulerOptions
}

Context contains various types that are used by controller implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that controllers can choose themselves which listers are required.

type IngressShimOptions

type IngressShimOptions struct {
	// Default issuer/certificates details consumed by ingress-shim
	DefaultIssuerName                 string
	DefaultIssuerKind                 string
	DefaultIssuerGroup                string
	DefaultAutoCertificateAnnotations []string
}

type Interface

type Interface interface {
	// Run will start a controller. 'workers' should be the  number of
	// independent goroutines for this controller in question that are to be
	// run, and the workers should shut down upon a signal on stopCh.
	// This method should block until all workers have exited cleanly, thus
	// allowing for graceful shutdown of control loops.
	Run(workers int, stopCh <-chan struct{}) error
}

Interface represents a controller that can be run.

func NewController

func NewController(
	ctx context.Context,
	name string,
	metrics *metrics.Metrics,
	syncFunc func(ctx context.Context, key string) error,
	mustSync []cache.InformerSynced,
	runDurationFuncs []runDurationFunc,
	queue workqueue.RateLimitingInterface,
) Interface

type IssuerOptions

type IssuerOptions struct {
	// ClusterResourceNamespace is the namespace to store resources created by
	// non-namespaced resources (e.g. ClusterIssuer) in.
	ClusterResourceNamespace string

	// ClusterIssuerAmbientCredentials controls whether a cluster issuer should
	// pick up ambient credentials, such as those from metadata services, to
	// construct clients.
	ClusterIssuerAmbientCredentials bool

	// IssuerAmbientCredentials controls whether an issuer should pick up ambient
	// credentials, such as those from metadata services, to construct clients.
	IssuerAmbientCredentials bool

	// RenewBeforeExpiryDuration is the default 'renew before expiry' time for Certificates.
	// Once a certificate is within this duration until expiry, a new Certificate
	// will be attempted to be issued.
	RenewBeforeExpiryDuration time.Duration
}

func (IssuerOptions) CalculateDurationUntilRenew

func (o IssuerOptions) CalculateDurationUntilRenew(ctx context.Context, cert *x509.Certificate, crt *cmapi.Certificate) time.Duration

CalculateDurationUntilRenew calculates how long cert-manager should wait to until attempting to renew this certificate resource.

func (IssuerOptions) CanUseAmbientCredentials

func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool

func (IssuerOptions) CertificateNeedsRenew

func (o IssuerOptions) CertificateNeedsRenew(ctx context.Context, cert *x509.Certificate, crt *cmapi.Certificate) bool

func (IssuerOptions) ResourceNamespace

func (o IssuerOptions) ResourceNamespace(iss cmapi.GenericIssuer) string

type QueuingEventHandler

type QueuingEventHandler struct {
	Queue workqueue.RateLimitingInterface
}

QueuingEventHandler is an implementation of cache.ResourceEventHandler that simply queues objects that are added/updated/deleted.

func (*QueuingEventHandler) Enqueue

func (q *QueuingEventHandler) Enqueue(obj interface{})

func (*QueuingEventHandler) OnAdd

func (q *QueuingEventHandler) OnAdd(obj interface{})

func (*QueuingEventHandler) OnDelete

func (q *QueuingEventHandler) OnDelete(obj interface{})

func (*QueuingEventHandler) OnUpdate

func (q *QueuingEventHandler) OnUpdate(old, new interface{})

type SchedulerOptions

type SchedulerOptions struct {
	// MaxConcurrentChallenges determines the maximum number of challenges that can be
	// scheduled as 'processing' at once.
	MaxConcurrentChallenges int
}

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier