utils

package
v0.30.0

This package is not in the latest version of its module.
Published: Jun 24, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func EnsureCASecretForCluster

func EnsureCASecretForCluster(
	ctx context.Context,
	c ctrlclient.Client,
	cluster *clusterv1.Cluster,
) error

EnsureCASecretForCluster ensures that the registry addon CA secret exists for the given cluster. It copies the ca.crt value from the global CA secret to a unique secret in the cluster's namespace.

func EnsureRegistryAddonRootCASecret added in v0.30.0

func EnsureRegistryAddonRootCASecret(
	ctx context.Context,
	c ctrlclient.Client,
) error

EnsureRegistryAddonRootCASecret ensures that the registry addon root CA secret exists. This Secret is used to sign the registry TLS certificates for the remote clusters.

func EnsureRegistryServerCertificateSecretOnRemoteCluster

func EnsureRegistryServerCertificateSecretOnRemoteCluster(
	ctx context.Context,
	c ctrlclient.Client,
	cluster *clusterv1.Cluster,
	opts *EnsureCertificateOpts,
) error

EnsureRegistryServerCertificateSecretOnRemoteCluster ensures that a registry TLS certificate is signed by the global CA and is created as a secret on the remote cluster.

The high-level flow is as follows:

1. Create a new TLS certificate and sign it with the global CA.
2. Copy the TLS certificate secret to the remote cluster to be used by the registry Pods.

cert-manager is intentionally not used to create the certificate: the aim is to avoid automatic renewal and instead recreate the certificate each time with a new expiration date.

func ServiceIPForCluster

func ServiceIPForCluster(cluster *clusterv1.Cluster) (string, error)

Types

type CertificateSpec

type CertificateSpec struct {
	// CommonName is the common name to be included in the certificate.
	CommonName string
	// DNSNames is a list of DNS names to be included in the certificate.
	DNSNames []string
	// IPAddresses is a list of IP addresses to be included in the certificate.
	IPAddresses []string
	// Duration is the duration for which the certificate is valid.
	Duration time.Duration
}

type EnsureCertificateOpts

type EnsureCertificateOpts struct {
	// RemoteSecretKey is the name and namespace of the TLS secret to be created on the remote cluster.
	RemoteSecretKey ctrlclient.ObjectKey

	Spec CertificateSpec
}
