Documentation ¶
Index ¶
- Constants
- func CreateK8SToken(ctx context.Context, config *rest.Config, saName, saNamespace string, ...) ([]byte, error)
- func GetIMGWData(cl client.Client, config *rest.Config, scheme *runtime.Scheme, ...) (pod corev1.Pod, address string, err error)
- func GetIstioRootCAPEM(cl client.Client, istioRevision string) ([]byte, error)
- func GetIstioTokenFromPod(config *rest.Config, scheme *runtime.Scheme, name, namespace string) ([]byte, error)
- func GetIstiodService(cl client.Client, istioRevision string) (*corev1.Service, error)
- func NewIstioCAClient(config IstioCAClientConfig, logger logr.Logger) ca.Client
- type CitadelClient
- type ConfigRetrievalError
- type CredFetcher
- type IstioCAClient
- type IstioCAClientConfig
- func GetIstioCAClientConfig(clusterID string, istioRevision string) (IstioCAClientConfig, error)
- func GetIstioCAClientConfigFromLocal(clusterID string, endpointAddress string) (config IstioCAClientConfig, err error)
- func GetIstioCAClientConfigWithKubeConfig(clusterID string, istioRevision string, kubeConfig []byte, ...) (IstioCAClientConfig, error)
- type IstioCAClientConfigAndEnvironment
- type TLSOptions
Constants ¶
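// File paths the package uses for the service-account tokens and the root
// certificate. The declaration is restored to one constant per line: collapsed
// onto a single line, the first "//" turned the rest of the block into a comment.
const (
	// K8sSATrustworthyJWTFileName is the token volume mount file name for the
	// k8s trustworthy jwt token.
	// NOTE(review): the file holds a bearer credential; keep its contents out
	// of logs and error messages.
	K8sSATrustworthyJWTFileName = "/var/run/secrets/tokens/istio-token"

	// K8sSAJWTFileName is the token volume mount file name for the k8s jwt
	// token. The value is the conventional Kubernetes service-account token
	// mount path.
	// NOTE(review): the file holds a bearer credential; keep its contents out
	// of logs and error messages.
	K8sSAJWTFileName = "/var/run/secrets/kubernetes.io/serviceaccount/token"

	// CACertPEMFileName was originally described as "the data name in the
	// ConfigMap of each namespace storing the root cert of non-Kube CA".
	// NOTE(review): the value is an absolute file path rather than a ConfigMap
	// key, so it is presumably where that root cert is mounted in the pod —
	// confirm. A root cert is a trust anchor, so the integrity of this file
	// matters to whatever verifies against it.
	CACertPEMFileName = "/var/run/secrets/istio/root-cert.pem"
)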
Variables ¶
This section is empty.
Functions ¶
func CreateK8SToken ¶
func GetIMGWData ¶
func GetIstioRootCAPEM ¶
func GetIstioTokenFromPod ¶
func GetIstiodService ¶
func NewIstioCAClient ¶
func NewIstioCAClient(config IstioCAClientConfig, logger logr.Logger) ca.Client
Types ¶
type CitadelClient ¶
// CitadelClient is a CA client for Citadel; it is created by NewCitadelClient
// and exposes CSRSign, GetRootCertBundle and Close.
type CitadelClient struct {
	// contains filtered or unexported fields
}
func NewCitadelClient ¶
func NewCitadelClient(opts *security.Options, tlsOpts *TLSOptions, logger logr.Logger) (*CitadelClient, error)
NewCitadelClient creates a CA client for Citadel.
func (*CitadelClient) CSRSign ¶
func (c *CitadelClient) CSRSign(csrPEM []byte, certValidTTLInSec int64) ([]string, error)
CSRSign calls Citadel to sign a CSR.
func (*CitadelClient) Close ¶
func (c *CitadelClient) Close()
func (*CitadelClient) GetRootCertBundle ¶
func (c *CitadelClient) GetRootCertBundle() ([]string, error)
GetRootCertBundle: the Citadel (Istiod) CA does not publish an endpoint for retrieving CA certificates.
type ConfigRetrievalError ¶
// ConfigRetrievalError is an error type (it has an Error() string method)
// that carries a status string.
type ConfigRetrievalError struct {
	// Status is the status text attached to the error; presumably part of the
	// Error() message — confirm against the implementation.
	Status string
}
func (ConfigRetrievalError) Error ¶
func (e ConfigRetrievalError) Error() string
type CredFetcher ¶
// CredFetcher carries a single token string and exposes GetPlatformCredential,
// GetIdentityProvider, GetType and Stop.
type CredFetcher struct {
	// Token is a credential string; presumably the value GetPlatformCredential
	// returns — confirm against the implementation.
	// NOTE(review): this is an exported plain-string secret, so formatting the
	// struct with %v or %+v would print it; keep it out of logs and errors.
	Token string
}
func (CredFetcher) GetIdentityProvider ¶
func (f CredFetcher) GetIdentityProvider() string
func (CredFetcher) GetPlatformCredential ¶
func (f CredFetcher) GetPlatformCredential() (string, error)
func (CredFetcher) GetType ¶
func (f CredFetcher) GetType() string
func (CredFetcher) Stop ¶
func (f CredFetcher) Stop()
type IstioCAClient ¶
// IstioCAClient exposes GetCAEndpoint, GetCAPem, GetCertificate and GetConfig.
// NOTE(review): presumably the concrete type behind the ca.Client returned by
// NewIstioCAClient — confirm.
type IstioCAClient struct {
	// contains filtered or unexported fields
}
func (*IstioCAClient) GetCAEndpoint ¶
func (c *IstioCAClient) GetCAEndpoint() string
func (*IstioCAClient) GetCAPem ¶
func (c *IstioCAClient) GetCAPem() []byte
func (*IstioCAClient) GetCertificate ¶
func (c *IstioCAClient) GetCertificate(hostname string, ttl time.Duration) (ca.Certificate, error)
func (*IstioCAClient) GetConfig ¶
func (c *IstioCAClient) GetConfig() IstioCAClientConfig
type IstioCAClientConfig ¶
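// IstioCAClientConfig holds the settings for an Istio CA client. It is the
// argument of NewIstioCAClient and the result of the GetIstioCAClientConfig*
// helpers. The field list is restored to one field per line; collapsed onto a
// single line it was not valid Go.
//
// NOTE(review): Token is sensitive, so avoid formatting the whole struct with
// %v or %+v in logs and errors.
type IstioCAClientConfig struct {
	// CAEndpoint is the address of the CA endpoint.
	CAEndpoint string
	// CAEndpointSAN is presumably the subject alternative name expected in the
	// CA endpoint's serving certificate — confirm.
	CAEndpointSAN string
	// ClusterID identifies the cluster; the GetIstioCAClientConfig* helpers
	// take it as their clusterID argument.
	ClusterID string
	// Token is presumably the credential presented to the CA — confirm.
	Token []byte
	// CApem is presumably the PEM-encoded CA certificate used as the trust
	// anchor for the CA endpoint — confirm.
	CApem []byte
	// Revision is presumably the Istio revision (istioRevision in the helper
	// signatures) — confirm.
	Revision string
}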
func GetIstioCAClientConfig ¶
func GetIstioCAClientConfig(clusterID string, istioRevision string) (IstioCAClientConfig, error)
func GetIstioCAClientConfigFromLocal ¶
func GetIstioCAClientConfigFromLocal(clusterID string, endpointAddress string) (config IstioCAClientConfig, err error)
type IstioCAClientConfigAndEnvironment ¶
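// IstioCAClientConfigAndEnvironment pairs a CA client configuration with an
// Istio environment; it is the result type of
// GetIstioCAClientConfigFromHeimdall. The field list is restored to one field
// per line; collapsed onto a single line it was not valid Go.
type IstioCAClientConfigAndEnvironment struct {
	// CAClientConfig is the CA client configuration. It includes the Token
	// field, so treat the whole value as sensitive.
	CAClientConfig IstioCAClientConfig
	// Environment is the Istio environment that accompanies the configuration.
	Environment environment.IstioEnvironment
}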
func GetIstioCAClientConfigFromHeimdall ¶
func GetIstioCAClientConfigFromHeimdall(heimdallURL, clientID, clientSecret, version string) (config IstioCAClientConfigAndEnvironment, err error)
type TLSOptions ¶