etcdcertsigner

Documentation

Index

• Constants
• func Add(mgr manager.Manager) error
• type EtcdCertSigner
  • func (r *EtcdCertSigner) Reconcile(request reconcile.Request) (reconcile.Result, error)

Constants

const (
	// CertificateNotBeforeAnnotation contains the certificate expiration date in RFC3339 format.
	CertificateNotBeforeAnnotation = "auth.openshift.io/certificate-not-before"
	// CertificateNotAfterAnnotation contains the certificate expiration date in RFC3339 format.
	CertificateNotAfterAnnotation = "auth.openshift.io/certificate-not-after"
	// CertificateIssuer contains the common name of the certificate that signed another certificate.
	CertificateIssuer = "auth.openshift.io/certificate-issuer"
	// CertificateHostnames contains the hostnames used by a signer.
	CertificateHostnames = "auth.openshift.io/certificate-hostnames"
	//TODO: think of better name
	CertificateEtcdIdentity = "auth.openshift.io/certificate-etcd-identity"
)

const EtcdCertValidity = 3 * 365 * 24 * time.Hour

Functions

func Add

func Add(mgr manager.Manager) error

Add creates a new EtcdCertSigner Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

Types

type EtcdCertSigner

type EtcdCertSigner struct {
	// contains filtered or unexported fields
}

EtcdCertSigner reconciles a CertificateSigningRequest object

func (*EtcdCertSigner) Reconcile

func (r *EtcdCertSigner) Reconcile(request reconcile.Request) (reconcile.Result, error)

Reconcile watches on etcd cluster pods and checks if secrets for their certs are appropriately created. The Controller will requeue the Request to be processed again if the returned error is non-nil or Result.Requeue is true, otherwise upon completion it will remove the work from the queue.