GO-2024-2817: karmada vulnerable to arbitrary code execution via a crafted command in github.com/karmada-io/karmada

certificate

package

v1.17.2 Latest Latest Go to latest Published: Apr 30, 2026 License: Apache-2.0 Imports: 28 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/karmada-io/karmada

Links

Documentation ¶

Index ¶

Constants
type CertRotationController
- func (c *CertRotationController) Reconcile(ctx context.Context, req controllerruntime.Request) (controllerruntime.Result, error)
- func (c *CertRotationController) SetupWithManager(mgr controllerruntime.Manager) error

Constants ¶

View Source

const (
	// CertRotationControllerName is the controller name that will be used when reporting events and metrics.
	CertRotationControllerName = "cert-rotation-controller"

	// SignerName defines the signer name for csr, 'kubernetes.io/kube-apiserver-client' is used
	// to match the signer expected by the agent CSR approver (agent_csr_approving).
	SignerName = certificatesv1.KubeAPIServerClientSignerName

	// KarmadaKubeconfigName is the name of the secret containing karmada-agent certificate.
	KarmadaKubeconfigName = "karmada-kubeconfig"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CertRotationController ¶

type CertRotationController struct {
	client.Client        // used to operate cluster resources in the control plane.
	KubeClient           clientset.Interface
	EventRecorder        record.EventRecorder
	RESTMapper           meta.RESTMapper
	ClusterClient        *util.ClusterClient
	ClusterClientSetFunc func(string, client.Client, *util.ClientOption) (*util.ClusterClient, error)
	// ClusterClientOption holds the attributes that should be injected to a Kubernetes client.
	ClusterClientOption *util.ClientOption
	PredicateFunc       predicate.Predicate
	InformerManager     genericmanager.MultiClusterInformerManager
	RatelimiterOptions  ratelimiterflag.Options

	// CertRotationCheckingInterval defines the interval of checking if the certificate need to be rotated.
	CertRotationCheckingInterval time.Duration
	// KarmadaKubeconfigNamespace is the namespace of the secret containing karmada-agent certificate.
	KarmadaKubeconfigNamespace string
	// CertRotationRemainingTimeThreshold defines the threshold of remaining time of the valid certificate.
	// If the ratio of remaining time to total time is less than or equal to this threshold, the certificate rotation starts.
	CertRotationRemainingTimeThreshold float64
}

CertRotationController is to rotate certificates.

func (*CertRotationController) Reconcile ¶

func (c *CertRotationController) Reconcile(ctx context.Context, req controllerruntime.Request) (controllerruntime.Result, error)

Reconcile performs a full reconciliation for the object referred to by the Request. The Controller will requeue the Request to be processed again if an error is non-nil or Result.Requeue is true, otherwise upon completion it will remove the work from the queue.

func (*CertRotationController) SetupWithManager ¶

func (c *CertRotationController) SetupWithManager(mgr controllerruntime.Manager) error

SetupWithManager creates a controller and register to controller manager.

Source Files ¶

View all Source files

cert_rotation_controller.go

Directories ¶

Path	Synopsis
approver

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL