Documentation
Index
- func AddFlags(o *Options, fs *pflag.FlagSet)
- type DynamicIstiodCertProvisioner
- func (dicp *DynamicIstiodCertProvisioner) AddControllersToManager(mgr manager.Manager) error
- func (dicp *DynamicIstiodCertProvisioner) NeedLeaderElection() bool
- func (dicp *DynamicIstiodCertProvisioner) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (dicp *DynamicIstiodCertProvisioner) Start(ctx context.Context) error
- type Options
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type DynamicIstiodCertProvisioner
type DynamicIstiodCertProvisioner struct {
// contains filtered or unexported fields
}
DynamicIstiodCertProvisioner is both:
1. A controller-runtime controller that watches the dynamic istiod cert and keeps it updated.
2. A wrapper around ctrlmgr.Runnable that listens for issuer changes and notifies the certificate controller.
func New
func New(log logr.Logger, restConfig *rest.Config, opts Options, issuerChangeNotifier certmanager.IssuerChangeNotifier, trustDomain string) (*DynamicIstiodCertProvisioner, error)
New creates a DynamicIstiodCertProvisioner, ready to be added to a controller manager.
func (*DynamicIstiodCertProvisioner) AddControllersToManager
func (dicp *DynamicIstiodCertProvisioner) AddControllersToManager(mgr manager.Manager) error
AddControllersToManager adds controllers to the given manager which:
1. Handle provisioning and updating the dynamic istiod cert.
2. Handle listening for updates to the active issuer ref and re-issuing.
func (*DynamicIstiodCertProvisioner) NeedLeaderElection
func (dicp *DynamicIstiodCertProvisioner) NeedLeaderElection() bool
NeedLeaderElection returns true, because the DynamicIstiodCertProvisioner should only run in one pod to avoid multiple pods trying to change the same certificate.
func (*DynamicIstiodCertProvisioner) Start
func (dicp *DynamicIstiodCertProvisioner) Start(ctx context.Context) error
Start makes DynamicIstiodCertProvisioner a Runnable which can be invoked by a manager. It waits for a notification of an issuer change, and when it gets one it triggers reconciliation of the dynamic istiod cert.
type Options
type Options struct {
	Enabled               bool
	CertificateName       string
	CertificateNamespace  string
	Duration              time.Duration
	RenewBefore           time.Duration
	KeyAlgorithm          string
	KeySize               int
	CMKeyAlgorithm        cmapi.PrivateKeyAlgorithm
	AdditionalDNSNames    []string
	AdditionalAnnotations map[string]string
	IstioRevisions        []string
}
Options holds various configuration options for generating the istiod certificate.