Documentation
¶
Index ¶
Constants ¶
View Source
const ( // The names of the files that should contain the CA certificate and the TLS key pair. CACertFile = "ca.crt" TLSCertFile = "tls.crt" TLSKeyFile = "tls.key" )
View Source
const ( AntreaCAConfigMapName = "antrea-ca" AntreaServiceName = "antrea" )
View Source
const (
CAConfigMapKey = "ca.crt"
)
Variables ¶
This section is empty.
Functions ¶
func GetAntreaServerNames ¶
GetAntreaServerNames returns the DNS names that the TLS certificate will be signed with.
func GetCAConfigMapNamespace ¶
func GetCAConfigMapNamespace() string
Types ¶
type CACertController ¶
type CACertController struct {
// contains filtered or unexported fields
}
CACertController is responsible for taking the CA certificate from the caContentProvider and publishing it to the ConfigMap and the APIServices.
func ApplyServerCert ¶
func ApplyServerCert(selfSignedCert bool, client kubernetes.Interface, aggregatorClient clientset.Interface, apiExtensionClient apiextensionclientset.Interface, secureServing *options.SecureServingOptionsWithLoopback, caConfig *CAConfig) (*CACertController, error)
func (*CACertController) Enqueue ¶
func (c *CACertController) Enqueue()
Enqueue will be called after CACertController is registered as a listener of CA cert change.
func (*CACertController) Run ¶
func (c *CACertController) Run(ctx context.Context, workers int)
Run starts the CACertController and blocks until the context is canceled.
func (*CACertController) RunOnce ¶
func (c *CACertController) RunOnce(ctx context.Context) error
RunOnce runs a single sync step to ensure that we have a valid starting configuration.
func (*CACertController) UpdateCertificate ¶
func (c *CACertController) UpdateCertificate(ctx context.Context) error
type CAConfig ¶ added in v1.5.0
type CAConfig struct {
// Name of the ConfigMap that will hold the CA certificate that signs the TLS
// certificate of antrea-controller.
CAConfigMapName string
// APIServiceSelector provides the label to select APIServices backed by antrea-controller. Using labels as a filter
// to select APIServices is more flexible than maintaining a list of APIService names, e.g., cluster admin can remove
// unneeded APIServices in a setup without Antrea code changes.
APIServiceSelector *metav1.LabelSelector
// ValidatingWebhookSelector provides the label to select ValidatingWebhookConfigurations backed by antrea-controller.
ValidatingWebhookSelector *metav1.LabelSelector
// MutationWebhookSelector provides the label to select MutatingWebhookConfigurations backed by antrea-controller.
MutationWebhookSelector *metav1.LabelSelector
// CRDConversionWebhookSelector provides the label to select the ConversionWebhooks backed by antrea-controller.
CRDConversionWebhookSelector *metav1.LabelSelector
// CertDir is the directory that the TLS Secret should be mounted to. Declaring it as a variable for testing.
CertDir string
// SelfSignedCertDir is the dir Antrea self signed certificates are created in.
SelfSignedCertDir string
// CertReadyTimeout is the timeout we will wait for the TLS Secret being ready. Declaring it as a variable for testing.
CertReadyTimeout time.Duration
// MaxRotateDuration is the max duration for rotating self-signed certificate generated by Antrea.
// In most cases we will rotate the certificate when we reach half the expiration time of the certificate (see nextRotationDuration).
// MaxRotateDuration ensures that if a self-signed certificate has a really long expiration (N years), we still attempt to rotate it
// within a reasonable time, in this case one year. maxRotateDuration is also used to force certificate rotation in unit tests.
MaxRotateDuration time.Duration
ServiceName string
PairName string
}
Source Files
Click to show internal directories.
Click to hide internal directories.