Documentation
¶
Index ¶
- Constants
- Variables
- func ResolveTLSCertName(kymaName string) string
- func ResolveWebhookRuleResources(resource string, fieldName v1beta2.FieldName) []string
- type CACertificateCache
- type CertificateConfig
- type CertificateManager
- func (c *CertificateManager) CreateSelfSignedCert(ctx context.Context, kyma *v1beta2.Kyma) (*certmanagerv1.Certificate, error)
- func (c *CertificateManager) GetCACertificateStatus(ctx context.Context) (certmanagerv1.CertificateStatus, error)
- func (c *CertificateManager) GetSecret(ctx context.Context) (*CertificateSecret, error)
- func (c *CertificateManager) Remove(ctx context.Context) error
- func (c *CertificateManager) RemoveCertificate(ctx context.Context) error
- func (c *CertificateManager) RemoveSecretAfterCARotated(ctx context.Context, kymaObjKey client.ObjectKey) error
- type CertificateNotReadyError
- type CertificateSecret
- type GatewayConfig
- type SKRWebhookManager
- type SKRWebhookManifestManager
- type SkrWebhookManagerConfig
- type SubjectAltName
Constants ¶
View Source
const ( SkrTLSName = "skr-webhook-tls" SkrResourceName = "skr-webhook" )
View Source
const (
DomainAnnotation = shared.SKRDomainAnnotation
)
Variables ¶
View Source
var ( ErrDomainAnnotationEmpty = errors.New("domain annotation is empty") ErrDomainAnnotationMissing = errors.New("domain annotation is missing") ErrIssuerNotFound = errors.New("no certificate issuer found") )
View Source
var ErrGatewayHostWronglyConfigured = errors.New("gateway should have configured exactly one server and one host")
Functions ¶
func ResolveTLSCertName ¶
Types ¶
type CACertificateCache ¶
type CACertificateCache struct {
TTL time.Duration
*ttlcache.Cache[string, certmanagerv1.Certificate]
}
func NewCACertificateCache ¶
func NewCACertificateCache(ttl time.Duration) *CACertificateCache
func (*CACertificateCache) GetCACertStatusFromCache ¶
func (c *CACertificateCache) GetCACertStatusFromCache(caCertName string) certmanagerv1.CertificateStatus
func (*CACertificateCache) SetCACertToCache ¶
func (c *CACertificateCache) SetCACertToCache(cert certmanagerv1.Certificate)
type CertificateConfig ¶
type CertificateConfig struct {
// IstioNamespace represents the cluster resource namespace of istio
IstioNamespace string
// RemoteSyncNamespace indicates the sync namespace for Kyma and module catalog
RemoteSyncNamespace string
// CACertificateName indicates the Name of the CA Root Certificate in the Istio Namespace
CACertificateName string
// AdditionalDNSNames indicates the DNS Names which should be added additional to the Subject
// Alternative Names of each Kyma Certificate
AdditionalDNSNames []string
Duration time.Duration
RenewBefore time.Duration
RenewBuffer time.Duration
}
type CertificateManager ¶
type CertificateManager struct {
// contains filtered or unexported fields
}
func NewCertificateManager ¶
func NewCertificateManager(kcpClient client.Client, kymaName string, config CertificateConfig, caCertCache *CACertificateCache, ) *CertificateManager
NewCertificateManager returns a new CertificateManager, which can be used for creating a cert-manager Certificates.
func (*CertificateManager) CreateSelfSignedCert ¶
func (c *CertificateManager) CreateSelfSignedCert(ctx context.Context, kyma *v1beta2.Kyma) (*certmanagerv1.Certificate, error, )
CreateSelfSignedCert creates a cert-manager Certificate with a sufficient set of Subject-Alternative-Names.
func (*CertificateManager) GetCACertificateStatus ¶
func (c *CertificateManager) GetCACertificateStatus(ctx context.Context) (certmanagerv1.CertificateStatus, error)
func (*CertificateManager) GetSecret ¶
func (c *CertificateManager) GetSecret(ctx context.Context) (*CertificateSecret, error)
func (*CertificateManager) Remove ¶
func (c *CertificateManager) Remove(ctx context.Context) error
Remove removes the certificate including its certificate secret.
func (*CertificateManager) RemoveCertificate ¶
func (c *CertificateManager) RemoveCertificate(ctx context.Context) error
func (*CertificateManager) RemoveSecretAfterCARotated ¶
type CertificateNotReadyError ¶
type CertificateNotReadyError struct{}
func (*CertificateNotReadyError) Error ¶
func (e *CertificateNotReadyError) Error() string
type CertificateSecret ¶
type GatewayConfig ¶
type GatewayConfig struct {
// IstioGatewayName represents the cluster resource name of the klm istio gateway
IstioGatewayName string
// IstioGatewayNamespace represents the cluster resource namespace of the klm istio gateway
IstioGatewayNamespace string
// LocalGatewayPortOverwrite indicates the port used to expose the KCP cluster locally in k3d
// for the watcher callbacks
LocalGatewayPortOverwrite string
}
type SKRWebhookManager ¶
type SKRWebhookManifestManager ¶
type SKRWebhookManifestManager struct {
WatcherMetrics *metrics.WatcherMetrics
// contains filtered or unexported fields
}
SKRWebhookManifestManager is a SKRWebhookManager implementation that applies the SKR webhook's raw manifest using a native kube-client.
func NewSKRWebhookManifestManager ¶
func NewSKRWebhookManifestManager(kcpConfig *rest.Config, schema *machineryruntime.Scheme, caCertificateCache *CACertificateCache, managerConfig SkrWebhookManagerConfig, certificateConfig CertificateConfig, gatewayConfig GatewayConfig, ) (*SKRWebhookManifestManager, error)
type SkrWebhookManagerConfig ¶
type SkrWebhookManagerConfig struct {
// SKRWatcherPath represents the path of the webhook resources
// to be installed on SKR clusters upon reconciling kyma CRs.
SKRWatcherPath string
SkrWatcherImage string
SkrWebhookMemoryLimits string
SkrWebhookCPULimits string
// RemoteSyncNamespace indicates the sync namespace for Kyma and module catalog
RemoteSyncNamespace string
}
Source Files
Click to show internal directories.
Click to hide internal directories.