Documentation ¶
Index ¶
- func DefaultNginxCertName(nic *v1alpha1.NginxIngressController) string
- func NewEventMirror(manager ctrl.Manager, conf *config.Config) error
- func NewIngressSecretProviderClassReconciler(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error
- func NewIngressTlsReconciler(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error
- func NewNginxSecretProviderClassReconciler(manager ctrl.Manager, conf *config.Config) error
- func NewPlaceholderPodController(manager ctrl.Manager, conf *config.Config, ingressManager IngressManager) error
- type EventMirror
- type IngressManager
- type IngressSecretProviderClassReconciler
- type NginxSecretProviderClassReconciler
- type PlaceholderPodController
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultNginxCertName ¶ added in v0.2.2
func DefaultNginxCertName(nic *v1alpha1.NginxIngressController) string
DefaultNginxCertName returns a default name for the nginx certificate name using the IngressClassName from the spec. Truncates characters in the IngressClassName passed the max secret length (255) if the IngressClassName and the default namespace are over the limit
func NewIngressTlsReconciler ¶ added in v0.2.2
func NewNginxSecretProviderClassReconciler ¶ added in v0.2.2
Types ¶
type EventMirror ¶
type EventMirror struct {
// contains filtered or unexported fields
}
EventMirror copies events published to pod resources by the Keyvault CSI driver into ingress events. This allows users to easily determine why a certificate might be missing for a given ingress.
type IngressManager ¶ added in v0.0.2
IngressManager returns a boolean indicating whether the Ingress is being managed by us
func NewIngressManagerFromFn ¶ added in v0.1.0
func NewIngressManagerFromFn(IsManaging func(ing *netv1.Ingress) (bool, error)) IngressManager
NewIngressManagerFromFn returns an IngressManager from a function that determines whether the Ingress is being managed by us
type IngressSecretProviderClassReconciler ¶
type IngressSecretProviderClassReconciler struct {
// contains filtered or unexported fields
}
IngressSecretProviderClassReconciler manages a SecretProviderClass for each ingress resource that references a Keyvault certificate. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the ingress controller.
type NginxSecretProviderClassReconciler ¶ added in v0.2.2
type NginxSecretProviderClassReconciler struct {
// contains filtered or unexported fields
}
NginxSecretProviderClassReconciler manages a SecretProviderClass for each nginx ingress controller that has a Keyvault URI in its DefaultSSLCertificate field. The SPC is used to mirror the Keyvault values into a k8s secret so that it can be used by the CRD controller.
type PlaceholderPodController ¶
type PlaceholderPodController struct {
// contains filtered or unexported fields
}
PlaceholderPodController manages a single-replica deployment of no-op pods that mount the Keyvault secrets referenced by each secret provider class managed by IngressSecretProviderClassReconciler.
This is necessitated by the Keyvault CSI implementation, which requires at least one mount in order to start mirroring the Keyvault values into corresponding Kubernetes secret(s).