Documentation
¶
Index ¶
Constants ¶
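const (
	// The names of the files that should contain the CA certificate and the TLS key pair.

	// CACertFile is the file name of the CA certificate.
	CACertFile = "ca.crt"
	// TLSCertFile is the file name of the certificate half of the TLS key pair.
	TLSCertFile = "tls.crt"
	// TLSKeyFile is the file name of the key half of the TLS key pair. It is private key
	// material, so the file should be readable only by the process that serves TLS.
	TLSKeyFile = "tls.key"
)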
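// Well-known Antrea object names used by this package.
const (
	// AntreaCAConfigMapName is "antrea-ca"; presumably the ConfigMap that holds the CA
	// certificate (compare CAConfig.CAConfigMapName) — TODO confirm.
	AntreaCAConfigMapName = "antrea-ca"
	// AntreaControllerTLSSecretName is "antrea-controller-tls"; presumably the Secret that
	// holds the TLS certificate and key (compare CAConfig.TLSSecretName) — TODO confirm.
	// A Secret holding the key should be readable only by antrea-controller.
	AntreaControllerTLSSecretName = "antrea-controller-tls"
	// AntreaServiceName is "antrea"; presumably the Service name the server certificate
	// is issued for (see GetAntreaServerNames) — TODO confirm.
	AntreaServiceName = "antrea"
)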
// CAConfigMapKey is "ca.crt". Judging by the name, it is the data key under which the CA
// certificate is stored in the CA ConfigMap — TODO confirm against the controller code.
const CAConfigMapKey = "ca.crt"
Variables ¶
This section is empty.
Functions ¶
func GetAntreaServerNames ¶
GetAntreaServerNames returns the DNS names that the TLS certificate will be signed with.
func GetCAConfigMapNamespace ¶
func GetCAConfigMapNamespace() string
Types ¶
type CACertController ¶
// CACertController takes the CA certificate from the caContentProvider and publishes it
// to the ConfigMap and the APIServices.
type CACertController struct {
// contains filtered or unexported fields
}
CACertController is responsible for taking the CA certificate from the caContentProvider and publishing it to the ConfigMap and the APIServices.
func ApplyServerCert ¶
// ApplyServerCert returns a *CACertController or an error (per its signature).
// NOTE(review): this page shows no doc comment for it. Judging by the parameters and the
// CAConfig fields, selfSignedCert presumably selects between a certificate generated by
// antrea-controller and a user-provided key pair read from caConfig.CertDir — confirm
// against the implementation before relying on either mode.
func ApplyServerCert(selfSignedCert bool, client kubernetes.Interface, aggregatorClient clientset.Interface, apiExtensionClient apiextensionclientset.Interface, secureServing *options.SecureServingOptionsWithLoopback, caConfig *CAConfig) (*CACertController, error)
func (*CACertController) Enqueue ¶
func (c *CACertController) Enqueue()
Enqueue will be called after CACertController is registered as a listener of CA cert change.
func (*CACertController) Run ¶
func (c *CACertController) Run(ctx context.Context, workers int)
Run starts the CACertController and blocks until the context is canceled.
func (*CACertController) RunOnce ¶
func (c *CACertController) RunOnce(ctx context.Context) error
RunOnce runs a single sync step to ensure that we have a valid starting configuration.
func (*CACertController) UpdateCertificate ¶
func (c *CACertController) UpdateCertificate(ctx context.Context) error
type CAConfig ¶ added in v1.5.0
// CAConfig groups the settings for the CA certificate and the TLS certificate and key of
// antrea-controller: the names of the objects that store them, the label selectors for the
// API objects backed by antrea-controller, and the directories and durations involved.
type CAConfig struct {
// Name of the ConfigMap that will hold the CA certificate that validates the TLS
// certificate of antrea-controller.
CAConfigMapName string
// Name of the Secret that will hold the self-signed TLS certificate and key of antrea-controller.
// If set, the certificate and key will be stored in the Secret for future reuse.
// The Secret then contains the private key, so read access to it should be limited to
// antrea-controller.
TLSSecretName string
// APIServiceSelector provides the label to select APIServices backed by antrea-controller. Using labels as a filter
// to select APIServices is more flexible than maintaining a list of APIService names, e.g., cluster admin can remove
// unneeded APIServices in a setup without Antrea code changes.
APIServiceSelector *metav1.LabelSelector
// ValidatingWebhookSelector provides the label to select ValidatingWebhookConfigurations backed by antrea-controller.
ValidatingWebhookSelector *metav1.LabelSelector
// MutationWebhookSelector provides the label to select MutatingWebhookConfigurations backed by antrea-controller.
MutationWebhookSelector *metav1.LabelSelector
// CRDConversionWebhookSelector provides the label to select the ConversionWebhooks backed by antrea-controller.
CRDConversionWebhookSelector *metav1.LabelSelector
// CertDir is the directory that the TLS Secret should be mounted to. Declaring it as a variable for testing.
CertDir string
// SelfSignedCertDir is the directory in which Antrea creates its self-signed certificates.
// NOTE(review): presumably the matching private key is written here too — confirm, and
// check that the directory is not readable by other workloads.
SelfSignedCertDir string
// CertReadyTimeout is how long we wait for the TLS Secret to become ready. Declaring it as a variable for testing.
CertReadyTimeout time.Duration
// MinValidDuration is the minimal remaining valid duration for the self-signed certificate. It must be rotated once
// the time until the certificate expires becomes shorter than this duration.
MinValidDuration time.Duration
// NOTE(review): ServiceName is undocumented here; presumably the name of the Service that
// fronts antrea-controller and for which the certificate's DNS names are built — confirm.
ServiceName string
// NOTE(review): PairName is undocumented here; presumably the base name of the
// certificate/key pair — confirm.
PairName string
}