Documentation ¶
Index ¶
- Constants
- Variables
- func ResolveTLSCertName(kymaName string) string
- func ResolveWebhookRuleResources(resource string, fieldName v1beta2.FieldName) []string
- type CACertificateCache
- type CertificateConfig
- type CertificateManager
- func (c *CertificateManager) CreateSelfSignedCert(ctx context.Context, kyma *v1beta2.Kyma) (*certmanagerv1.Certificate, error)
- func (c *CertificateManager) GetCACertificateStatus(ctx context.Context) (certmanagerv1.CertificateStatus, error)
- func (c *CertificateManager) GetSecret(ctx context.Context) (*CertificateSecret, error)
- func (c *CertificateManager) Remove(ctx context.Context) error
- func (c *CertificateManager) RemoveCertificate(ctx context.Context) error
- func (c *CertificateManager) RemoveSecretAfterCARotated(ctx context.Context, kymaObjKey client.ObjectKey) error
- type CertificateNotReadyError
- type CertificateSecret
- type GatewayConfig
- type SKRWebhookManager
- type SKRWebhookManifestManager
- type SkrWebhookManagerConfig
- type SubjectAltName
Constants ¶
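// Fixed names used for the SKR webhook. The declaration is restored to one
// constant per line so that it is valid, gofmt-clean Go.
const (
	// SkrTLSName has the value "skr-webhook-tls".
	// NOTE(review): presumably the name of the TLS secret/certificate material
	// for the SKR webhook; confirm against the callers, which this page does not show.
	SkrTLSName = "skr-webhook-tls"
	// SkrResourceName has the value "skr-webhook".
	// NOTE(review): presumably the name given to the webhook resources; confirm.
	SkrResourceName = "skr-webhook"
)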
const (
// DomainAnnotation re-exports shared.SKRDomainAnnotation under this package's name.
// NOTE(review): presumably the annotation key whose absence or empty value is
// reported through ErrDomainAnnotationMissing / ErrDomainAnnotationEmpty; confirm
// against the callers, which this page does not show.
DomainAnnotation = shared.SKRDomainAnnotation
)
Variables ¶
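// Sentinel errors defined by this package. Match them with errors.Is rather
// than by comparing message text, so that wrapped errors are still recognised.
var (
	// ErrDomainAnnotationEmpty signals that the domain annotation is empty.
	ErrDomainAnnotationEmpty = errors.New("domain annotation is empty")
	// ErrDomainAnnotationMissing signals that the domain annotation is missing.
	ErrDomainAnnotationMissing = errors.New("domain annotation is missing")
	// ErrIssuerNotFound signals that no certificate issuer was found.
	// NOTE(review): the lookup that returns it is not visible on this page;
	// callers presumably should stop without issuing a certificate when they
	// see it rather than fall back to another issuer. Confirm.
	ErrIssuerNotFound = errors.New("no certificate issuer found")
)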
// ErrGatewayHostWronglyConfigured is the sentinel error for a gateway that
// does not have exactly one server and one host configured.
var (
	ErrGatewayHostWronglyConfigured = errors.New(
		"gateway should have configured exactly one server and one host",
	)
)
Functions ¶
func ResolveTLSCertName ¶
Types ¶
type CACertificateCache ¶
// CACertificateCache embeds a ttlcache.Cache keyed by string and holding
// cert-manager Certificate values, next to a TTL duration field.
// NOTE(review): GetCACertStatusFromCache returns a CertificateStatus by value
// with no found/ok result, so by signature alone a cache miss presumably looks
// like a zero-valued status; confirm how callers tell the two apart.
// NOTE(review): a cached CA certificate can presumably lag the cluster state by
// up to TTL, which matters to any CA-rotation decision based on it. Confirm.
type CACertificateCache struct { TTL time.Duration *ttlcache.Cache[string, certmanagerv1.Certificate] }
func NewCACertificateCache ¶
func NewCACertificateCache(ttl time.Duration) *CACertificateCache
func (*CACertificateCache) GetCACertStatusFromCache ¶
func (c *CACertificateCache) GetCACertStatusFromCache(caCertName string) certmanagerv1.CertificateStatus
func (*CACertificateCache) SetCACertToCache ¶
func (c *CACertificateCache) SetCACertToCache(cert certmanagerv1.Certificate)
type CertificateConfig ¶
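// CertificateConfig carries the certificate settings accepted by
// NewCertificateManager and NewSKRWebhookManifestManager.
type CertificateConfig struct {
	// IstioNamespace represents the cluster resource namespace of istio
	IstioNamespace string
	// RemoteSyncNamespace indicates the sync namespace for Kyma and module catalog
	RemoteSyncNamespace string
	// CACertificateName indicates the Name of the CA Root Certificate in the Istio Namespace
	CACertificateName string
	// AdditionalDNSNames indicates the DNS Names which should be added additional to the Subject
	// Alternative Names of each Kyma Certificate.
	// Because the list applies to every Kyma certificate, each entry widens the
	// set of host names all of those certificates are valid for; keep it minimal.
	AdditionalDNSNames []string
	// Duration is undocumented upstream.
	// NOTE(review): presumably the requested certificate lifetime, forwarded to
	// the cert-manager Certificate's duration; confirm in CreateSelfSignedCert.
	Duration time.Duration
	// RenewBefore is undocumented upstream.
	// NOTE(review): presumably how long before expiry renewal starts (the
	// cert-manager renewBefore setting), in which case it must be shorter than
	// Duration. Confirm.
	RenewBefore time.Duration
	// RenewBuffer is undocumented upstream and its use is not visible on this
	// page. TODO confirm what it is added to or compared against.
	RenewBuffer time.Duration
}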
type CertificateManager ¶
// CertificateManager is built by NewCertificateManager from a KCP client, a
// Kyma name, a CertificateConfig and a CACertificateCache. Its methods create
// the cert-manager Certificate (CreateSelfSignedCert), read the CA certificate
// status and the certificate secret, and remove the certificate and its secret.
// NOTE(review): GetSecret returns a *CertificateSecret; its fields are not shown
// on this page, but it presumably carries private key material, so callers
// should keep it out of logs and error messages. Confirm.
type CertificateManager struct {
// contains filtered or unexported fields
}
func NewCertificateManager ¶
func NewCertificateManager(kcpClient client.Client, kymaName string, config CertificateConfig, caCertCache *CACertificateCache, ) *CertificateManager
NewCertificateManager returns a new CertificateManager, which can be used for creating cert-manager Certificates.
func (*CertificateManager) CreateSelfSignedCert ¶
func (c *CertificateManager) CreateSelfSignedCert(ctx context.Context, kyma *v1beta2.Kyma) (*certmanagerv1.Certificate, error, )
CreateSelfSignedCert creates a cert-manager Certificate with a sufficient set of Subject-Alternative-Names.
func (*CertificateManager) GetCACertificateStatus ¶
func (c *CertificateManager) GetCACertificateStatus(ctx context.Context) (certmanagerv1.CertificateStatus, error)
func (*CertificateManager) GetSecret ¶
func (c *CertificateManager) GetSecret(ctx context.Context) (*CertificateSecret, error)
func (*CertificateManager) Remove ¶
func (c *CertificateManager) Remove(ctx context.Context) error
Remove removes the certificate including its certificate secret.
func (*CertificateManager) RemoveCertificate ¶
func (c *CertificateManager) RemoveCertificate(ctx context.Context) error
func (*CertificateManager) RemoveSecretAfterCARotated ¶
type CertificateNotReadyError ¶
// CertificateNotReadyError is an error type without fields; Error is declared
// on the pointer receiver, so match it with errors.As into a
// *CertificateNotReadyError.
// NOTE(review): which functions return it is not visible on this page. Confirm
// before treating it as retryable.
type CertificateNotReadyError struct{}
func (*CertificateNotReadyError) Error ¶
func (e *CertificateNotReadyError) Error() string
type CertificateSecret ¶
type GatewayConfig ¶
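// GatewayConfig identifies the klm istio gateway and is one of the
// configuration arguments of NewSKRWebhookManifestManager.
type GatewayConfig struct {
	// IstioGatewayName represents the cluster resource name of the klm istio gateway
	IstioGatewayName string
	// IstioGatewayNamespace represents the cluster resource namespace of the klm istio gateway
	IstioGatewayNamespace string
	// LocalGatewayPortOverwrite indicates the port used to expose the KCP cluster locally in k3d
	// for the watcher callbacks.
	// NOTE(review): described only for local k3d use; presumably it should stay
	// empty outside local setups so that callbacks use the gateway's own port. Confirm.
	LocalGatewayPortOverwrite string
}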
type SKRWebhookManager ¶
type SKRWebhookManifestManager ¶
// SKRWebhookManifestManager exposes WatcherMetrics as its only exported field.
// It is constructed by NewSKRWebhookManifestManager from a KCP rest.Config, a
// scheme, a CACertificateCache and the manager, certificate and gateway
// configuration structs.
type SKRWebhookManifestManager struct { WatcherMetrics *metrics.WatcherMetrics // contains filtered or unexported fields }
SKRWebhookManifestManager is an SKRWebhookManager implementation that applies the SKR webhook's raw manifest using a native kube-client.
func NewSKRWebhookManifestManager ¶
func NewSKRWebhookManifestManager(kcpConfig *rest.Config, schema *machineryruntime.Scheme, caCertificateCache *CACertificateCache, managerConfig SkrWebhookManagerConfig, certificateConfig CertificateConfig, gatewayConfig GatewayConfig, ) (*SKRWebhookManifestManager, error)
type SkrWebhookManagerConfig ¶
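// SkrWebhookManagerConfig is the manager configuration argument of
// NewSKRWebhookManifestManager.
type SkrWebhookManagerConfig struct {
	// SKRWatcherPath represents the path of the webhook resources
	// to be installed on SKR clusters upon reconciling kyma CRs.
	// Whatever is found at this path is installed on SKR clusters, so the
	// location should be writable only by the deployment pipeline.
	SKRWatcherPath string
	// SkrWatcherImage is undocumented upstream.
	// NOTE(review): presumably the container image reference for the SKR watcher
	// webhook; if so, a digest-pinned reference is preferable to a mutable tag,
	// since the same image reaches every SKR cluster. Confirm.
	SkrWatcherImage string
	// SkrWebhookMemoryLimits is undocumented upstream.
	// NOTE(review): presumably a Kubernetes resource quantity string for the
	// webhook container's memory limit. Confirm the expected format.
	SkrWebhookMemoryLimits string
	// SkrWebhookCPULimits is undocumented upstream.
	// NOTE(review): presumably a Kubernetes resource quantity string for the
	// webhook container's CPU limit. Confirm the expected format.
	SkrWebhookCPULimits string
	// RemoteSyncNamespace indicates the sync namespace for Kyma and module catalog
	RemoteSyncNamespace string
}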