Documentation
Overview
Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent) is co-located with the Kubernetes controller manager so that Pinniped can access its signing keys.
Constants
const (
	// ControllerManagerNamespace is the assumed namespace of the kube-controller-manager pod(s).
	ControllerManagerNamespace = "kube-system"
	ClusterInfoNamespace = "kube-public"
)
Functions
func NewAgentController (added in v0.8.0)
func NewAgentController(
	cfg AgentConfig,
	client *kubeclient.Client,
	kubeSystemPods corev1informers.PodInformer,
	agentDeployments appsv1informers.DeploymentInformer,
	agentPods corev1informers.PodInformer,
	kubePublicConfigMaps corev1informers.ConfigMapInformer,
	credentialIssuers configv1alpha1informers.CredentialIssuerInformer,
	dynamicCertProvider dynamiccert.Private,
) controllerlib.Controller
NewAgentController returns a controller that manages the kube-cert-agent Deployment. It is also tasked with updating the CredentialIssuer with any errors that it encounters.
func NewLegacyPodCleanerController (added in v0.8.0)
func NewLegacyPodCleanerController(
	cfg AgentConfig,
	client *kubeclient.Client,
	agentPods corev1informers.PodInformer,
	log plog.Logger,
) controllerlib.Controller
NewLegacyPodCleanerController returns a controller that cleans up legacy kube-cert-agent Pods created by Pinniped v0.7.0 and below.
Types
type AgentConfig (added in v0.8.0)
type AgentConfig struct {
	// Namespace in which agent pods will be created.
	Namespace string
	// ContainerImage specifies the container image used for the agent pods.
	ContainerImage string
	// NamePrefix will be prefixed to all agent pod names.
	NamePrefix string
	// ServiceAccountName is the service account under which to run the agent pods.
	ServiceAccountName string
	// ContainerImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
	// ImagePullSecrets on the kube-cert-agent pods.
	ContainerImagePullSecrets []string
	// CredentialIssuerName specifies the CredentialIssuer to be created/updated.
	CredentialIssuerName string
	// Labels to be applied to the CredentialIssuer and agent pods.
	Labels map[string]string
	// DiscoveryURLOverride is the Kubernetes server endpoint to report in the CredentialIssuer, overriding any
	// value discovered in the kube-public/cluster-info ConfigMap.
	DiscoveryURLOverride *string
}
AgentConfig is the configuration for the kube-cert-agent controller.
type PodCommandExecutor
type PodCommandExecutor interface {
	Exec(ctx context.Context, podNamespace string, podName string, containerName string, commandAndArgs ...string) (stdoutResult string, err error)
}
PodCommandExecutor can exec a command in a pod located via namespace and name.
func NewPodCommandExecutor
func NewPodCommandExecutor(kubeConfig *restclient.Config, kubeClient kubernetes.Interface) PodCommandExecutor
NewPodCommandExecutor returns a PodCommandExecutor that will interact with a pod via the provided kubeConfig and corresponding kubeClient.