Documentation ¶
Index ¶
Constants ¶
View Source
const ( // IngressGatewaySdsCaSuffix is the suffix of the sds resource name for root CA. All resource // names for ingress gateway root certs end with "-cacert". IngressGatewaySdsCaSuffix = "-cacert" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SecretFetcher ¶
type SecretFetcher struct { // If UseCaClient is true, use caClient to send CSR to CA. UseCaClient bool CaClient caClientInterface.Client // Add all entries containing secretName in SecretCache. Called when K8S secret is added. AddCache func(secretName string, ns model.SecretItem) // Delete all entries containing secretName in SecretCache. Called when K8S secret is deleted. DeleteCache func(secretName string) // Update all entries containing secretName in SecretCache. Called when K8S secret is updated. UpdateCache func(secretName string, ns model.SecretItem) // contains filtered or unexported fields }
SecretFetcher fetches secret via watching k8s secrets or sending CSR to CA.
func NewSecretFetcher ¶
func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool, tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)
NewSecretFetcher returns a pointer to a newly constructed SecretFetcher instance.
func (*SecretFetcher) AddSecret ¶
func (sf *SecretFetcher) AddSecret(obj interface{})
AddSecret adds obj into local store. Only used for testing.
func (*SecretFetcher) FindIngressGatewaySecret ¶
func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)
FindIngressGatewaySecret returns the secret for a k8sKeyA, or empty secret if no secret is present. The ok result indicates whether secret was found.
func (*SecretFetcher) Init ¶
func (sf *SecretFetcher) Init(core corev1.CoreV1Interface)
Init initializes SecretFetcher to watch kubernetes secrets.
func (*SecretFetcher) Run ¶
func (sf *SecretFetcher) Run(ch chan struct{})
Run starts the SecretFetcher until a value is sent to ch. Only used when watching kubernetes gateway secrets.
Click to show internal directories.
Click to hide internal directories.