driver

package
v0.0.5
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Driver

type Driver struct {
	// contains filtered or unexported fields
}

Driver is used for running the actual CSI driver. Driver responds to NodePublishVolume events and attempts to sign Athenz certificates for the mounting pod's identity.

func New

func New(log logr.Logger, opts Options) (*Driver, error)

New constructs a new Driver instance.

func (*Driver) Run

func (d *Driver) Run(ctx context.Context) error

Run is a blocking func that runs the CSI driver.

type Options

type Options struct {
	// DriverName is the driver name as installed in Kubernetes.
	DriverName string

	// NodeID is the name of the node the driver is running on.
	NodeID string

	// DataRoot is the path to the in-memory data directory used to store data.
	DataRoot string

	// Endpoint is the endpoint which is used to listen for gRPC requests.
	Endpoint string

	// TrustDomain is the trust domain of this Athenz PKI. The TrustDomain will
	// appear in signed certificate's URI SANs.
	TrustDomain string

	// CertificateRequestAnnotations are annotations to be added to the
	// certificate requests created by the driver.
	CertificateRequestAnnotations map[string]string

	// CertificateRequestDuration is the duration CertificateRequests will be
	// requested with.
	// Defaults to 1 hour if empty.
	CertificateRequestDuration time.Duration

	// IssuerRef is the IssuerRef used when creating CertificateRequests.
	IssuerRef cmmeta.ObjectReference

	// CertificateFileName is the name of the file that the signed certificate
	// will be written to inside the Pod's volume.
	// Defaults to `tls.crt` if empty.
	CertificateFileName string

	// KeyFileName is the name of the file that the private key will be written
	// to inside the Pod's volume.
	// Defaults to `tls.key` if empty.
	KeyFileName string

	// CAFileName is the name of the file that the root CA certificates will be
	// written to inside the Pod's volume. Ignored if RootCAs is nil.
	CAFileName string

	// RestConfig is used for interacting with the Kubernetes API server.
	RestConfig *rest.Config

	// RootCAs is optionally used to write root CA certificate data to Pod's
	// volume. If nil, no root CA data is written to Pod's volume. If defined,
	// root CA data will be written to the file with the name defined in
	// CAFileName. If the root CA certificate data changes, all managed volumes'
	// files will be updated.
	RootCAs rootca.Interface

	// ZTS is the URL of the ZTS server.
	ZTS string

	// Provider prefix for the backend provider in ZTS which is responsible
	// for verifying and issuing the identity.
	ProviderPrefix string

	// Trust store bundle, optionally used for the ZTS server if the ZTS server
	// certificate is not signed by a well-known CA.
	CACertFile string

	// DNS domains to be added to the certificate
	DNSDomains string

	// Country name for the certificate
	CertCountryName string

	// Organization name for the certificate
	CertOrgName string

	// Cloud provider where service is running
	CloudProvider string

	// Cloud region where service is running
	CloudRegion string
}

Options holds the Options needed for the CSI driver.
