controller

package
v1.14.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 7, 2024 License: Apache-2.0 Imports: 48 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

KeyFunc creates a key for an API object. The key can be passed to a worker function that processes an object from a queue such as ProcessItem.

Functions

func BuildAnnotationsToCopy added in v1.8.0

func BuildAnnotationsToCopy(allAnnotations map[string]string, prefixes []string) map[string]string

BuildAnnotationsToCopy takes a map of annotations and a list of prefix filters and builds a filtered map of annotations. It is used to filter annotations to be copied from Certificate to CertificateRequest and from CertificateSigningRequest to Order.

func DefaultItemBasedRateLimiter added in v0.6.0

func DefaultItemBasedRateLimiter() workqueue.RateLimiter

DefaultItemBasedRateLimiter returns a new rate limiter with base delay of 5 seconds, max delay of 5 minutes.

func HandleOwnedResourceNamespacedFunc added in v1.8.0

func HandleOwnedResourceNamespacedFunc(log logr.Logger, queue workqueue.RateLimitingInterface, ownerGVK schema.GroupVersionKind, get func(namespace, name string) (interface{}, error)) func(obj interface{})

HandleOwnedResourceNamespacedFunc returns a function thataccepts a Kubernetes object and adds its owner references to the workqueue. https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/#owners-and-dependents

func Known

func Known() map[string]Constructor

Known returns a map of the registered controller Constructors

func Register

func Register(name string, fn Constructor)

Register registers a controller constructor with the controller package

func ToSecret added in v1.12.0

func ToSecret(obj interface{}) (*corev1.Secret, bool)

Types

type ACMEOptions

type ACMEOptions struct {
	// ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01
	// challenges
	HTTP01SolverImage string

	// HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
	HTTP01SolverResourceRequestCPU resource.Quantity

	// HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
	HTTP01SolverResourceRequestMemory resource.Quantity

	// HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
	HTTP01SolverResourceLimitsCPU resource.Quantity

	// HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
	HTTP01SolverResourceLimitsMemory resource.Quantity

	// ACMEHTTP01SolverRunAsNonRoot sets the ACME pod's ability to run as root
	ACMEHTTP01SolverRunAsNonRoot bool

	// HTTP01SolverNameservers is a list of nameservers to use when performing self-checks
	// for ACME HTTP01 validations.
	HTTP01SolverNameservers []string

	// DNS01CheckAuthoritative is a flag for controlling if auth nss are used
	// for checking propagation of an RR. This is the ideal scenario
	DNS01CheckAuthoritative bool

	// DNS01Nameservers is a list of nameservers to use when performing self-checks
	// for ACME DNS01 validations.
	DNS01Nameservers []string

	// AccountRegistry is used as a cache of ACME accounts between various
	// components of cert-manager
	AccountRegistry accounts.Registry

	// DNS01CheckRetryPeriod is the time the controller should wait between checking if a ACME dns entry exists.
	DNS01CheckRetryPeriod time.Duration
}

type BlockingEventHandler

type BlockingEventHandler struct {
	WorkFunc func(obj interface{})
}

BlockingEventHandler is an implementation of cache.ResourceEventHandler that simply synchronously calls it's WorkFunc upon calls to OnAdd, OnUpdate or OnDelete.

func (*BlockingEventHandler) Enqueue

func (b *BlockingEventHandler) Enqueue(obj interface{})

Enqueue synchronously adds a key for an object to the workqueue.

func (*BlockingEventHandler) OnAdd

func (b *BlockingEventHandler) OnAdd(obj interface{}, isInInitialList bool)

OnAdd synchronously adds a newly created object to the workqueue.

func (*BlockingEventHandler) OnDelete

func (b *BlockingEventHandler) OnDelete(obj interface{})

OnDelete synchronously adds a deleted object to the workqueue.

func (*BlockingEventHandler) OnUpdate

func (b *BlockingEventHandler) OnUpdate(old, new interface{})

OnUpdate synchronously adds an updated object to the workqueue.

type Builder added in v1.8.0

type Builder struct {
	// contains filtered or unexported fields
}

Builder is used to build controllers that implement the queuingController interface

func NewBuilder added in v1.8.0

func NewBuilder(controllerctx *ContextFactory, name string) *Builder

New creates a basic Builder, setting the sync call to the one given

func (*Builder) Complete added in v1.8.0

func (b *Builder) Complete() (Interface, error)

func (*Builder) First added in v1.8.0

func (b *Builder) First(function func(context.Context)) *Builder

First will register a function that will be called once, after the controller has been initialised. They are queued, run sequentially, and block "With" runDurationFuncs from running until all are complete.

func (*Builder) For added in v1.8.0

func (b *Builder) For(ctrl queueingController) *Builder

func (*Builder) With added in v1.8.0

func (b *Builder) With(function func(context.Context), duration time.Duration) *Builder

With will register an additional function that should be called every 'duration' alongside the controller. This is useful if a controller needs to periodically run a scheduled task.

type CertificateOptions added in v0.6.0

type CertificateOptions struct {
	// EnableOwnerRef controls whether the certificate is configured as an owner of
	// secret where the effective TLS certificate is stored.
	EnableOwnerRef bool
	// CopiedAnnotationPrefixes defines which annotations should be copied
	// Certificate -> CertificateRequest, CertificateRequest -> Order.
	CopiedAnnotationPrefixes []string
}

type Constructor

type Constructor func(ctx *ContextFactory) (Interface, error)

Constructor is a function that creates a new control loop given a controller Context.

type Context

type Context struct {
	// RootContext is the root context for the controller
	RootContext context.Context

	// StopCh is a channel that will be closed when the controller is signalled
	// to exit
	StopCh <-chan struct{}

	// FieldManager is the string that should be used as the field manager when
	// applying API object. This value is derived from the user agent.
	FieldManager string
	// RESTConfig is the loaded Kubernetes apiserver rest client configuration
	RESTConfig *rest.Config
	// Scheme is the Kubernetes scheme that should be used when serialising and
	// deserialising API objects
	Scheme *runtime.Scheme
	// Client is a Kubernetes clientset
	Client kubernetes.Interface
	// CMClient is a cert-manager clientset
	CMClient clientset.Interface
	// GWClient is a GatewayAPI clientset.
	GWClient gwclient.Interface
	// MetadataClient is a PartialObjectMetadata client
	MetadataClient metadata.Interface
	// DiscoveryClient is a discovery interface. Usually set to Client.Discovery unless a fake client is in use.
	DiscoveryClient discovery.DiscoveryInterface

	// Recorder to record events to
	Recorder record.EventRecorder

	// KubeSharedInformerFactory can be used to obtain shared
	// SharedIndexInformer instances for Kubernetes types
	KubeSharedInformerFactory internalinformers.KubeInformerFactory

	// SharedInformerFactory can be used to obtain shared SharedIndexInformer
	// instances for cert-manager.io types
	SharedInformerFactory informers.SharedInformerFactory

	// HTTP01ResourceMetadataInformersFactory is a metadata only informers
	// factory with a http-01 resource label filter selector
	HTTP01ResourceMetadataInformersFactory metadatainformer.SharedInformerFactory

	// GWShared can be used to obtain SharedIndexInformer instances for
	// gateway.networking.k8s.io types
	GWShared             gwinformers.SharedInformerFactory
	GatewaySolverEnabled bool

	ContextOptions
}

Context contains various types that are used by controller implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that controllers can choose themselves which listers are required. Each component should be given distinct Contexts, built from the ContextFactory that has configured the underlying client to use separate User Agents.

type ContextFactory added in v1.8.0

type ContextFactory struct {
	// contains filtered or unexported fields
}

ContextFactory is used for constructing new Contexts who's clients have been configured with a User Agent built from the component name.

func NewContextFactory added in v1.8.0

func NewContextFactory(ctx context.Context, opts ContextOptions) (*ContextFactory, error)

NewContextFactory builds a ContextFactory that builds controller Contexts that have been configured for that components User Agent. All resulting Context's and clients contain the same RateLimiter and corresponding QPS and Burst buckets.

func (*ContextFactory) Build added in v1.8.0

func (c *ContextFactory) Build(component ...string) (*Context, error)

Build builds a new controller Context who's clients have a User Agent derived from the optional component name.

type ContextOptions added in v1.8.0

type ContextOptions struct {
	// APIServerHost is the host address of the target Kubernetes API server.
	APIServerHost string

	// Kubeconfig is the optional file path location to a kubeconfig to connect
	// and authenticate to the API server.
	Kubeconfig string

	// Kubernetes API QPS is the value of the maximum QPS to the API server from
	// clients.
	KubernetesAPIQPS float32

	// KubernetesAPIBurst is the value of the Maximum burst for throttle.
	KubernetesAPIBurst int

	// Namespace is the namespace to operate within.
	// If unset, operates on all namespaces
	Namespace string

	// Clock should be used to access the current time instead of relying on
	// time.Now, to make it easier to test controllers that utilise time
	Clock clock.Clock

	// Metrics is used for exposing Prometheus metrics across the controllers
	Metrics *metrics.Metrics

	IssuerOptions
	ACMEOptions
	IngressShimOptions
	CertificateOptions
	SchedulerOptions
}

ContextOptions are static Controller Context options.

type IngressShimOptions

type IngressShimOptions struct {
	DefaultIssuerName                 string
	DefaultIssuerKind                 string
	DefaultIssuerGroup                string
	DefaultAutoCertificateAnnotations []string
}

IngressShimOptions contain default Issuer GVK config for the certificate-shim controllers. These are set from the cmd cli flags, allowing the controllers to support legacy annotations such as `kubernetes.io/tls-acme`.

type Interface

type Interface interface {
	// Run will start a controller. 'workers' should be the  number of
	// independent goroutines for this controller in question that are to be
	// run, and the workers should shut down upon a signal on stopCh.
	// This method should block until all workers have exited cleanly, thus
	// allowing for graceful shutdown of control loops.
	Run(workers int, stopCh <-chan struct{}) error
}

Interface represents a controller that can be run.

func NewController added in v1.8.0

func NewController(
	ctx context.Context,
	name string,
	metrics *metrics.Metrics,
	syncFunc func(ctx context.Context, key string) error,
	mustSync []cache.InformerSynced,
	runDurationFuncs []runDurationFunc,
	queue workqueue.RateLimitingInterface,
) Interface

type IssuerOptions

type IssuerOptions struct {
	// ClusterResourceNamespace is the namespace to store resources created by
	// non-namespaced resources (e.g. ClusterIssuer) in.
	ClusterResourceNamespace string

	// ClusterIssuerAmbientCredentials controls whether a cluster issuer should
	// pick up ambient credentials, such as those from metadata services, to
	// construct clients.
	ClusterIssuerAmbientCredentials bool

	// IssuerAmbientCredentials controls whether an issuer should pick up ambient
	// credentials, such as those from metadata services, to construct clients.
	IssuerAmbientCredentials bool
}

func (IssuerOptions) CanUseAmbientCredentials

func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool

CanUseAmbientCredentials returns whether `iss` will attempt to configure itself from ambient credentials (e.g. from a cloud metadata service).

func (IssuerOptions) ResourceNamespace

func (o IssuerOptions) ResourceNamespace(iss cmapi.GenericIssuer) string

ResourceNamespace returns the Kubernetes namespace where resources created or read by `iss` are located.

type QueuingEventHandler

type QueuingEventHandler struct {
	Queue workqueue.RateLimitingInterface
}

QueuingEventHandler is an implementation of cache.ResourceEventHandler that simply queues objects that are added/updated/deleted.

func (*QueuingEventHandler) Enqueue

func (q *QueuingEventHandler) Enqueue(obj interface{})

Enqueue adds a key for an object to the workqueue.

func (*QueuingEventHandler) OnAdd

func (q *QueuingEventHandler) OnAdd(obj interface{}, isInInitialList bool)

OnAdd adds a newly created object to the workqueue.

func (*QueuingEventHandler) OnDelete

func (q *QueuingEventHandler) OnDelete(obj interface{})

OnDelete adds a deleted object to the workqueue for processing.

func (*QueuingEventHandler) OnUpdate

func (q *QueuingEventHandler) OnUpdate(old, new interface{})

OnUpdate adds an updated object to the workqueue.

type SchedulerOptions added in v1.8.0

type SchedulerOptions struct {
	// MaxConcurrentChallenges determines the maximum number of challenges that can be
	// scheduled as 'processing' at once.
	MaxConcurrentChallenges int
}

Directories

Path Synopsis
ca
ca
Package test contains testing utilities used for constructing fake Contexts which can be used during tests.
Package test contains testing utilities used for constructing fake Contexts which can be used during tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL