Documentation ¶
Index ¶
- type CertificateRequestPatch
- type CertificateRequestPredicate
- type CertificateRequestReconciler
- type CertificateSigningRequestPatch
- type CertificateSigningRequestPredicate
- type CertificateSigningRequestReconciler
- type CombinedController
- type IssuerPredicate
- type IssuerReconciler
- type IssuerType
- type LinkedIssuerPredicate
- type MatchIssuerType
- type RequestController
- func (r *RequestController) AllIssuerTypes() []IssuerType
- func (r *RequestController) Init(requestType client.Object, requestPredicate predicate.Predicate, ...) *RequestController
- func (r *RequestController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *RequestController) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
- type RequestObjectHelper
- type RequestObjectHelperCreator
- type RequestPatch
- type RequestPatchHelper
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertificateRequestPatch ¶
type CertificateRequestPatch interface {
    CertificateRequestPatch() *cmapi.CertificateRequestStatus
}
type CertificateRequestPredicate ¶
This predicate is used to indicate when a CertificateRequest event should trigger a reconciliation of itself.
In these cases we want to trigger:
- an annotation was changed, added or removed
- a status condition was added or removed
- a status condition whose type is not Ready was changed (i.e. it has a different Status value)
func (CertificateRequestPredicate) Update ¶
func (CertificateRequestPredicate) Update(e event.UpdateEvent) bool
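The trigger rules listed above for CertificateRequest updates, as an added illustration that is not issuer-lib's own code. The `condition` and `request` types and the `shouldReconcile` function are simplified stand-ins assumed for this example, so it runs without the cert-manager or controller-runtime packages.

```go
package main

import "fmt"

// condition and request are simplified stand-ins (assumptions made for this
// example) for the cert-manager CertificateRequest condition and object types.
type condition struct{ Type, Status string }

type request struct {
	Annotations map[string]string
	Conditions  []condition
}

// byType indexes the Status of each condition by its Type.
func byType(conds []condition) map[string]string {
	m := make(map[string]string, len(conds))
	for _, c := range conds {
		m[c.Type] = c.Status
	}
	return m
}

// shouldReconcile reports whether an update matches one of the listed triggers.
func shouldReconcile(oldReq, newReq request) bool {
	oldA, newA := oldReq.Annotations, newReq.Annotations
	oldC, newC := byType(oldReq.Conditions), byType(newReq.Conditions)
	// An annotation or a condition was added or removed.
	if len(oldA) != len(newA) || len(oldC) != len(newC) {
		return true
	}
	for k, v := range oldA {
		if nv, ok := newA[k]; !ok || nv != v { // annotation changed or replaced
			return true
		}
	}
	for t, s := range oldC {
		ns, ok := newC[t]
		// A condition type was swapped, or a non-Ready Status changed.
		if !ok || (t != "Ready" && ns != s) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: only the Ready condition's Status differs.
	before := request{Conditions: []condition{{Type: "Ready", Status: "False"}}}
	after := request{Conditions: []condition{{Type: "Ready", Status: "True"}}}
	fmt.Println(shouldReconcile(before, after)) // false
}
```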
type CertificateRequestReconciler ¶
type CertificateRequestReconciler struct {
    RequestController
    // SetCAOnCertificateRequest is used to enable setting the CA status field on
    // the CertificateRequest resource. This is disabled by default.
    // Deprecated: this option is for backwards compatibility only. The use of
    // ca.crt is discouraged. Instead, the CA certificate should be provided
    // separately using a tool such as trust-manager.
    SetCAOnCertificateRequest bool
}
CertificateRequestReconciler reconciles a CertificateRequest object
func (*CertificateRequestReconciler) Init ¶
func (r *CertificateRequestReconciler) Init() *CertificateRequestReconciler
func (*CertificateRequestReconciler) SetupWithManager ¶
type CertificateSigningRequestPatch ¶
type CertificateSigningRequestPatch interface {
    CertificateSigningRequestPatch() *certificatesv1.CertificateSigningRequestStatus
}
type CertificateSigningRequestPredicate ¶
This predicate is used to indicate when a CertificateSigningRequest event should trigger a reconciliation of itself.
In these cases we want to trigger:
- an annotation was changed, added or removed
- a status condition was added or removed
- a status condition was changed
func (CertificateSigningRequestPredicate) Update ¶
func (CertificateSigningRequestPredicate) Update(e event.UpdateEvent) bool
type CertificateSigningRequestReconciler ¶
type CertificateSigningRequestReconciler struct {
    RequestController
}
CertificateSigningRequestReconciler reconciles a CertificateSigningRequest object
func (*CertificateSigningRequestReconciler) Init ¶
func (r *CertificateSigningRequestReconciler) Init() *CertificateSigningRequestReconciler
func (*CertificateSigningRequestReconciler) SetupWithManager ¶
func (r *CertificateSigningRequestReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
type CombinedController ¶
type CombinedController struct {
    IssuerTypes        []v1alpha1.Issuer
    ClusterIssuerTypes []v1alpha1.Issuer
    FieldOwner       string
    MaxRetryDuration time.Duration
    // Check connects to a CA and checks if it is available
    signer.Check
    // Sign connects to a CA and returns a signed certificate for the supplied CertificateRequest.
    signer.Sign
    // IgnoreCertificateRequest is an optional function that can prevent the CertificateRequest
    // and Kubernetes CSR controllers from reconciling a CertificateRequest resource.
    signer.IgnoreCertificateRequest
    // IgnoreIssuer is an optional function that can prevent the issuer controllers from
    // reconciling an issuer resource.
    signer.IgnoreIssuer
    // EventRecorder is used for creating Kubernetes events on resources.
    EventRecorder record.EventRecorder
    // Clock is used to mock condition transition times in tests.
    Clock clock.PassiveClock
    // SetCAOnCertificateRequest is used to enable setting the CA status field on
    // the CertificateRequest resource. This is disabled by default.
    // Deprecated: this option is for backwards compatibility only. The use of
    // ca.crt is discouraged. Instead, the CA certificate should be provided
    // separately using a tool such as trust-manager.
    SetCAOnCertificateRequest bool
    // DisableCertificateRequestController is used to disable the CertificateRequest
    // controller. This controller is enabled by default.
    // You should only disable this controller if you eg. don't want to rely on the cert-manager
    // CRDs to be installed.
    // Note: in the future, we might remove this option and always enable the CertificateRequest
    // controller.
    DisableCertificateRequestController bool
    // DisableKubernetesCSRController is used to disable the Kubernetes CSR controller.
    // This controller is enabled by default.
    // You should only disable this controller if you really don't want to support signing
    // Kubernetes CSRs.
    // Note: in the future, we might remove this option and always enable the Kubernetes CSR
    // controller.
    DisableKubernetesCSRController bool
    // PreSetupWithManager is an optional function that can be used to perform
    // additional setup before the controller is built and registered with the
    // manager.
    PreSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, *builder.Builder) error
    // PostSetupWithManager is an optional function that can be used to perform
    // additional setup after the controller is built and registered with the
    // manager.
    PostSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, controller.Controller) error
}
func (*CombinedController) SetupWithManager ¶
type IssuerPredicate ¶
Predicate for Issuer events that should trigger the Issuer reconciler
In these cases we want to trigger:
- an annotation was changed, added or removed
- the generation changed
- the Ready condition was added or removed
func (IssuerPredicate) Update ¶
func (IssuerPredicate) Update(e event.UpdateEvent) bool
Update implements default UpdateEvent filter for validating generation change.
type IssuerReconciler ¶
type IssuerReconciler struct {
    ForObject v1alpha1.Issuer
    FieldOwner  string
    EventSource kubeutil.EventSource
    // Client is a controller-runtime client used to get and set K8S API resources
    client.Client
    // Check connects to a CA and checks if it is available
    signer.Check
    // IgnoreIssuer is an optional function that can prevent the issuer controllers from
    // reconciling an issuer resource.
    signer.IgnoreIssuer
    // EventRecorder is used for creating Kubernetes events on resources.
    EventRecorder record.EventRecorder
    // Clock is used to mock condition transition times in tests.
    Clock clock.PassiveClock
    // PreSetupWithManager is an optional function that can be used to perform
    // additional setup before the controller is built and registered with the
    // manager.
    PreSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, *builder.Builder) error
    // PostSetupWithManager is an optional function that can be used to perform
    // additional setup after the controller is built and registered with the
    // manager.
    PostSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, controller.Controller) error
}
IssuerReconciler reconciles a TestIssuer object
func (*IssuerReconciler) SetupWithManager ¶
SetupWithManager sets up the controller with the Manager.
type IssuerType ¶
type LinkedIssuerPredicate ¶
Predicate for Issuer events that should trigger the CertificateRequest reconciler
In these cases we want to trigger:
- the Ready condition was added or removed
- the Ready condition's Status property changed
- the Ready condition's observed generation changed
func (LinkedIssuerPredicate) Update ¶
func (LinkedIssuerPredicate) Update(e event.UpdateEvent) bool
Update implements default UpdateEvent filter for validating resource version change.
type MatchIssuerType ¶
type RequestController ¶
type RequestController struct {
    IssuerTypes        []v1alpha1.Issuer
    ClusterIssuerTypes []v1alpha1.Issuer
    FieldOwner       string
    MaxRetryDuration time.Duration
    EventSource      kubeutil.EventSource
    // Client is a controller-runtime client used to get and set K8S API resources
    client.Client
    // Sign connects to a CA and returns a signed certificate for the supplied Request.
    signer.Sign
    // IgnoreCertificateRequest is an optional function that can prevent the Request
    // and Kubernetes CSR controllers from reconciling a Request resource.
    signer.IgnoreCertificateRequest
    // EventRecorder is used for creating Kubernetes events on resources.
    EventRecorder record.EventRecorder
    // Clock is used to mock condition transition times in tests.
    Clock clock.PassiveClock
    // PreSetupWithManager is an optional function that can be used to perform
    // additional setup before the controller is built and registered with the
    // manager.
    PreSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, *builder.Builder) error
    // PostSetupWithManager is an optional function that can be used to perform
    // additional setup after the controller is built and registered with the
    // manager.
    PostSetupWithManager func(context.Context, schema.GroupVersionKind, ctrl.Manager, controller.Controller) error
    // contains filtered or unexported fields
}
RequestController reconciles a "request" object. A request object implementation can be provided using the requestObjectHelperCreator function. This function is responsible for creating a RequestObjectHelper that is used to interact with the request object. Currently, we support cert-manager CertificateRequests and Kubernetes CertificateSigningRequests.
func (*RequestController) AllIssuerTypes ¶
func (r *RequestController) AllIssuerTypes() []IssuerType
func (*RequestController) Init ¶
func (r *RequestController) Init(
    requestType client.Object,
    requestPredicate predicate.Predicate,
    matchIssuerType MatchIssuerType,
    requestObjectHelperCreator RequestObjectHelperCreator,
) *RequestController
func (*RequestController) SetupWithManager ¶
SetupWithManager sets up the controller with the Manager.
type RequestObjectHelper ¶
type RequestObjectHelper interface {
    IsApproved() bool
    IsDenied() bool
    IsReady() bool
    IsFailed() bool
    RequestObject() signer.CertificateRequestObject
    NewPatch(
        clock clock.PassiveClock,
        fieldOwner string,
        eventRecorder record.EventRecorder,
    ) RequestPatchHelper
}
type RequestObjectHelperCreator ¶
type RequestObjectHelperCreator func(client.Object) RequestObjectHelper
type RequestPatchHelper ¶
type RequestPatchHelper interface {
    RequestPatch
    SetInitializing() (didInitialise bool)
    SetWaitingForIssuerExist(error)
    SetWaitingForIssuerReadyNoCondition()
    SetWaitingForIssuerReadyOutdated()
    SetWaitingForIssuerReadyNotReady(*cmapi.IssuerCondition)
    SetCustomCondition(
        conditionType string,
        conditionStatus metav1.ConditionStatus,
        conditionReason string, conditionMessage string,
    ) (didCustomConditionTransition bool)
    SetPending(reason string)
    SetRetryableError(error)
    SetPermanentError(error)
    SetUnexpectedError(error)
    SetIssued(signer.PEMBundle)
}