Documentation
Overview
Package apicerts contains controllers that work together to provide rotating API certs.
Index
- Constants
- func NewAPIServiceUpdaterController(namespace string, certsSecretResourceName string, apiServiceName string, ...) controllerlib.Controller
- func NewCertsExpirerController(namespace string, certsSecretResourceName string, ...) controllerlib.Controller
- func NewCertsManagerController(namespace string, certsSecretResourceName string, ...) controllerlib.Controller
- func NewCertsObserverController(namespace string, certsSecretResourceName string, ...) controllerlib.Controller
- func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, ...) error
Constants
const (
	CACertificateSecretKey           = "caCertificate"
	CACertificatePrivateKeySecretKey = "caCertificatePrivateKey"
	TLSCertificateChainSecretKey     = "tlsCertificateChain"
)
Variables
This section is empty.
Functions
func NewAPIServiceUpdaterController
func NewAPIServiceUpdaterController(
	namespace string,
	certsSecretResourceName string,
	apiServiceName string,
	aggregatorClient aggregatorclient.Interface,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller
func NewCertsExpirerController
func NewCertsExpirerController(
	namespace string,
	certsSecretResourceName string,
	k8sClient kubernetes.Interface,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
	renewBefore time.Duration,
	secretKey string,
	logger plog.Logger,
) controllerlib.Controller
NewCertsExpirerController returns a controllerlib.Controller that will delete a certificate secret once it gets within some threshold of its expiration time. The deletion forces rotation of the secret with the help of other controllers.
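The threshold check described above, as an added example that is not Pinniped's own code. `needsRotation` and `constructedSecret` are hypothetical helpers, and comparing the current time against `NotAfter - renewBefore` is an assumption about how "within some threshold" is evaluated; a missing key or non-PEM value is reported as an error rather than treated as expired.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// needsRotation (hypothetical helper) reports whether the first certificate under
// secretKey is within renewBefore of its NotAfter time, as seen at now.
func needsRotation(data map[string][]byte, secretKey string, renewBefore time.Duration, now time.Time) (bool, error) {
	block, _ := pem.Decode(data[secretKey])
	if block == nil || block.Type != "CERTIFICATE" {
		return false, fmt.Errorf("no PEM certificate under key %q", secretKey)
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, fmt.Errorf("parse certificate: %w", err)
	}
	return !now.Before(cert.NotAfter.Add(-renewBefore)), nil
}

// constructedSecret builds sample Secret data: one self-signed cert (constructed input).
func constructedSecret(key string, notBefore time.Time, lifetime time.Duration) map[string][]byte {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: notBefore, NotAfter: notBefore.Add(lifetime)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		panic(err)
	}
	return map[string][]byte{key: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}
}

func main() {
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	data := constructedSecret("tlsCertificateChain", start, 24*time.Hour)
	due, err := needsRotation(data, "tlsCertificateChain", 2*time.Hour, start.Add(23*time.Hour))
	fmt.Println("rotation due:", due, "err:", err)
}
```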
func NewCertsManagerController
func NewCertsManagerController(
	namespace string,
	certsSecretResourceName string,
	certsSecretLabels map[string]string,
	k8sClient kubernetes.Interface,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
	withInitialEvent pinnipedcontroller.WithInitialEventOptionFunc,
	certDuration time.Duration,
	generatedCACommonName string,
	serviceNameForGeneratedCertCommonName string,
) controllerlib.Controller
func NewCertsObserverController
func NewCertsObserverController(
	namespace string,
	certsSecretResourceName string,
	dynamicCertProvider dynamiccert.Private,
	secretInformer corev1informers.SecretInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller
func UpdateAPIService
func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, apiServiceName, serviceNamespace string, aggregatedAPIServerCA []byte) error
UpdateAPIService updates the APIService's CA bundle.
Types
This section is empty.