Documentation ¶
Constants ¶
const (
	// CAKeyName is the name of the CA private key
	CAKeyName = "ca-key.pem"
	// CACertName is the name of the CA certificate
	CACertName = "ca-cert.pem"
	// ServerKeyName is the name of the server private key
	ServerKeyName  = "key.pem"
	ServerKeyName2 = "tls.key"
	// ServerCertName is the name of the serving certificate
	ServerCertName  = "cert.pem"
	ServerCertName2 = "tls.crt"
)
const (
FsCertWriter = "fs"
)
const (
SecretCertWriter = "secret"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CertWriter ¶
type CertWriter interface {
	// EnsureCert provisions the cert for the webhookClientConfig.
	EnsureCert(dnsName string) (*generator.Artifacts, bool, error)
}
CertWriter provides methods to handle webhooks.
func NewFSCertWriter ¶
func NewFSCertWriter(ops FSCertWriterOptions) (CertWriter, error)
NewFSCertWriter constructs a CertWriter that persists the certificate on filesystem.
func NewSecretCertWriter ¶
func NewSecretCertWriter(ops SecretCertWriterOptions) (CertWriter, error)
NewSecretCertWriter constructs a CertWriter that persists the certificate in a k8s secret.
type FSCertWriterOptions ¶
type FSCertWriterOptions struct {
	// CertGenerator generates the certificates.
	CertGenerator generator.CertGenerator
	// Path is the directory that the certificate, private key and CA certificate will be written to.
	Path string
}
FSCertWriterOptions are options for constructing an FSCertWriter.
type FileProjection ¶
type SecretCertWriterOptions ¶
type SecretCertWriterOptions struct {
	// Clientset talks to a kubernetes cluster for creating the secret.
	Clientset clientset.Interface
	// CertGenerator generates the certificates.
	CertGenerator generator.CertGenerator
	// Secret points to the secret that contains the certificates written by the CertWriter.
	Secret *types.NamespacedName
}
SecretCertWriterOptions are options for constructing a secretCertWriter.
type Writer ¶
type Writer struct {
// contains filtered or unexported fields
}
Writer handles atomically projecting content for a set of files into a target directory.
Note:
- Writer reserves the set of pathnames starting with `..`.
- Writer offers no concurrency guarantees and must be synchronized by the caller.
The visible files in this volume are symlinks to files in the writer's data directory. Actual files are stored in a hidden timestamped directory which is symlinked to by the data directory. The timestamped directory and data directory symlink are created in the writer's target dir. This scheme allows the files to be atomically updated by changing the target of the data directory symlink.
Consumers of the target directory can monitor the ..data symlink using inotify or fanotify to receive events when the content in the volume is updated.
func NewAtomicWriter ¶
NewAtomicWriter creates a new Writer configured to write to the given target directory, or returns an error if the target directory does not exist.
func (*Writer) Write ¶
func (w *Writer) Write(payload map[string]FileProjection) error
Write does an atomic projection of the given payload into the writer's target directory. Input paths must not begin with '..'.
The Write algorithm is:
1. The payload is validated; if the payload is invalid, the function returns
2. The current timestamped directory is detected by reading the data directory symlink
3. The old version of the volume is walked to determine whether any portion of the payload was deleted and is still present on disk.
4. The data in the current timestamped directory is compared to the projected data to determine if an update is required.
5. A new timestamped dir is created
6. The payload is written to the new timestamped directory
7. Symlinks and directory for new user-visible files are created (if needed).
   For example, consider the files:
     <target-dir>/podName
     <target-dir>/user/labels
     <target-dir>/k8s/annotations
   The user visible files are symbolic links into the internal data directory:
     <target-dir>/podName -> ..data/podName
     <target-dir>/usr -> ..data/usr
     <target-dir>/k8s -> ..data/k8s
   The data directory itself is a link to a timestamped directory with the real data:
     <target-dir>/..data -> ..2016_02_01_15_04_05.12345678/
8. A symlink to the new timestamped directory ..data_tmp is created that will become the new data directory
9. The new data directory symlink is renamed to the data directory; rename is atomic
10. Old paths are removed from the user-visible portion of the target directory
11. The previous timestamped directory is removed, if it exists
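The symlink-swap scheme above, reduced to flat file names, as an added example that is not the package's own Writer code: the function name projectAtomically is assumed, it uses only the Go standard library, and it skips steps 3 and 4 (it always writes a new timestamped directory). It shows why the ".." prefix must be rejected (those names are reserved for the hidden directories) and why the rename over ..data is the only step readers can observe.

```go
package main

import (
	"os"
	"path/filepath"
	"strings"
	"time"
)

// projectAtomically projects a flat payload into targetDir with the symlink-swap scheme
// described for Writer, returning the name of the timestamped directory now in use.
func projectAtomically(targetDir string, payload map[string][]byte) (string, error) {
	for name := range payload { // 1. validate: ".." names are reserved; no subdirectories here
		if strings.HasPrefix(name, "..") || filepath.Base(name) != name {
			return "", os.ErrInvalid
		}
	}
	dataLink := filepath.Join(targetDir, "..data")
	oldTS, _ := os.Readlink(dataLink) // 2. current timestamped dir; "" on the first write
	tsPath, err := os.MkdirTemp(targetDir, time.Now().UTC().Format("..2006_01_02_15_04_05.")) // 5.
	if err != nil {
		return "", err
	}
	for name, data := range payload { // 6. payload is written into the new dir only
		if err := os.WriteFile(filepath.Join(tsPath, name), data, 0o600); err != nil {
			return "", err
		}
		link := filepath.Join(targetDir, name) // 7. visible name -> ..data/name, kept if present
		if err := os.Symlink(filepath.Join("..data", name), link); err != nil && !os.IsExist(err) {
			return "", err
		}
	}
	tsDir := filepath.Base(tsPath) // 8./9. ..data_tmp -> new dir, then rename(2) over ..data
	if err := os.Symlink(tsDir, dataLink+"_tmp"); err != nil {
		return "", err
	}
	if err := os.Rename(dataLink+"_tmp", dataLink); err != nil { // readers see old or new, never a mix
		return "", err
	}
	if oldTS != "" { // 10./11. unlink names dropped from the payload, then delete the old dir
		entries, _ := os.ReadDir(filepath.Join(targetDir, oldTS))
		for _, e := range entries {
			if _, keep := payload[e.Name()]; !keep {
				os.Remove(filepath.Join(targetDir, e.Name()))
			}
		}
		os.RemoveAll(filepath.Join(targetDir, oldTS))
	}
	return tsDir, nil
}
```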