Documentation
¶
Index ¶
Constants ¶
View Source
const ( // CASecretName is the name of the Secret containing the self-signed CA used to sign webhook serving certs. CASecretName = "webhook-serving-ca" // ServingCertSecretName is the name of the Secret containing the serving cert for the webhook server. ServingCertSecretName = "manager-serving-cert" )
Variables ¶
This section is empty.
Functions ¶
func EnsureWebhookCerts ¶ added in v0.1.77
EnsureWebhookCerts ensures that webhook cert secrets exist so the webhook server can start. If the serving cert secret already exists with valid data, this is a no-op (the volume mount handles file delivery). If the secret is missing or has empty data, new certs are generated and persisted as secrets.
func GenerateInitialWebhookCerts ¶
func GenerateInitialWebhookCerts(namespace, serviceName string) (*corev1.Secret, *corev1.Secret, []byte, error)
GenerateInitialWebhookCerts generates the CA and serving cert secrets for use at install time. It also returns the CA bundle bytes for injection into CRDs and webhook configs.
Types ¶
type WebhookCertReconciler ¶
type WebhookCertReconciler struct {
Client client.Client
Namespace string
ServiceName string
// contains filtered or unexported fields
}
WebhookCertReconciler reconciles the self-managed webhook CA and serving cert. It is used on non-OpenShift clusters where the service-ca operator is not available.
func (*WebhookCertReconciler) SetupWithManager ¶
func (r *WebhookCertReconciler) SetupWithManager(mgr ctrl.Manager, createOrUpdate upsert.CreateOrUpdateProvider) error
Source Files
Click to show internal directories.
Click to hide internal directories.