Documentation

Overview

    Package apicerts contains controllers that work together to provide rotating API certs.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func NewAPIServiceUpdaterController

    func NewAPIServiceUpdaterController(
    	namespace string,
    	certsSecretResourceName string,
    	apiServiceName string,
    	aggregatorClient aggregatorclient.Interface,
    	secretInformer corev1informers.SecretInformer,
    	withInformer pinnipedcontroller.WithInformerOptionFunc,
    ) controllerlib.Controller

    func NewCertsExpirerController

    func NewCertsExpirerController(
    	namespace string,
    	certsSecretResourceName string,
    	k8sClient kubernetes.Interface,
    	secretInformer corev1informers.SecretInformer,
    	withInformer pinnipedcontroller.WithInformerOptionFunc,
    	renewBefore time.Duration,
    ) controllerlib.Controller

      NewCertsExpirerController returns a controllerlib.Controller that will delete a certificate secret once it gets within some threshold of its expiration time. The deletion forces rotation of the secret with the help of other controllers.

      func NewCertsManagerController

      func NewCertsManagerController(
      	namespace string,
      	certsSecretResourceName string,
      	certsSecretLabels map[string]string,
      	k8sClient kubernetes.Interface,
      	secretInformer corev1informers.SecretInformer,
      	withInformer pinnipedcontroller.WithInformerOptionFunc,
      	withInitialEvent pinnipedcontroller.WithInitialEventOptionFunc,
      	certDuration time.Duration,
      	generatedCACommonName string,
      	serviceNameForGeneratedCertCommonName string,
      ) controllerlib.Controller

      func NewCertsObserverController

      func NewCertsObserverController(
      	namespace string,
      	certsSecretResourceName string,
      	dynamicCertProvider dynamiccert.Provider,
      	secretInformer corev1informers.SecretInformer,
      	withInformer pinnipedcontroller.WithInformerOptionFunc,
      ) controllerlib.Controller

      func UpdateAPIService

      func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, apiServiceName, serviceNamespace string, aggregatedAPIServerCA []byte) error

        UpdateAPIService updates the APIService's CA bundle.

        Types

        This section is empty.