
Documentation

Index

Constants

const (
	// AnnotDnsnames is the DNS-names annotation shared with the dns controller manager.
	AnnotDnsnames = "dns.gardener.cloud/dnsnames"
	// AnnotDNSClass is the annotation for the dns class.
	AnnotDNSClass = "dns.gardener.cloud/class"
	// AnnotClass is the annotation for the cert class.
	AnnotClass = "cert.gardener.cloud/class"
	// AnnotACMEDNSChallenge is the annotation for marking DNSEntries used for ACME DNS challenges.
	AnnotACMEDNSChallenge = "cert.gardener.cloud/acme-dns-challenge"
	// AnnotForwardOwnerRefs is the annotation for forwarding owner references.
	AnnotForwardOwnerRefs = "cert.gardener.cloud/forward-owner-refs"
	// AnnotSecretname is the annotation for the name of the TLS secret.
	AnnotSecretname = "cert.gardener.cloud/secretname" // #nosec G101 -- this is no credential
	// AnnotSecretNamespace is the annotation for the TLS secret namespace (only used for Istio Gateway source resources).
	AnnotSecretNamespace = "cert.gardener.cloud/secret-namespace" // #nosec G101 -- this is no credential
	// AnnotIssuer is the annotation for the issuer name.
	AnnotIssuer = "cert.gardener.cloud/issuer"
	// AnnotCommonName is the annotation for explicitly specifying the common name.
	AnnotCommonName = "cert.gardener.cloud/commonname"
	// AnnotCertDNSNames is the annotation for explicitly specifying the DNS names
	// (if not specified, the values from "dns.gardener.cloud/dnsnames" are used).
	AnnotCertDNSNames = "cert.gardener.cloud/dnsnames"
	// AnnotFollowCNAME is the annotation for allowing delegated domains (CNAME) for the DNS01 challenge.
	AnnotFollowCNAME = "cert.gardener.cloud/follow-cname"
	// AnnotCertSecretLabels is the annotation for setting labels on the secret resource,
	// in the comma-separated format "key1=value1,key2=value2".
	AnnotCertSecretLabels = "cert.gardener.cloud/secret-labels" // #nosec G101 -- this is no credential
	// AnnotPreferredChain is the annotation for the preferred certificate chain.
	AnnotPreferredChain = "cert.gardener.cloud/preferred-chain"

	// AnnotDNSRecordProviderType is the annotation for providing the provider type for DNS records.
	AnnotDNSRecordProviderType = api.GroupName + "/dnsrecord-provider-type"
	// AnnotDNSRecordSecretRef is the annotation for providing the secret reference for DNS records.
	AnnotDNSRecordSecretRef = api.GroupName + "/dnsrecord-secret-ref"

	// AnnotPrivateKeyAlgorithm is the annotation key to set the PrivateKeyAlgorithm for a Certificate.
	// If PrivateKeyAlgorithm is specified and `size` is not provided,
	// a key size of 256 is used for the `ECDSA` key algorithm and
	// a key size of 2048 is used for the `RSA` key algorithm.
	// If unset, the `RSA` algorithm is used.
	AnnotPrivateKeyAlgorithm = "cert.gardener.cloud/private-key-algorithm"

	// AnnotPrivateKeySize is the annotation key to set the size of the private key for a Certificate.
	// If PrivateKeyAlgorithm is set to `RSA`, valid values are `2048`, `3072`, or `4096`,
	// and the size defaults to `2048` if not specified.
	// If PrivateKeyAlgorithm is set to `ECDSA`, valid values are `256` or `384`,
	// and the size defaults to `256` if not specified.
	// No other values are allowed.
	AnnotPrivateKeySize = "cert.gardener.cloud/private-key-size"

	// OptClass is the cert-class command line option.
	OptClass = "cert-class"
	// OptTargetclass is the cert-target-class command line option.
	OptTargetclass = "cert-target-class"
	// OptNamespace is the target-namespace command line option.
	OptNamespace = "target-namespace"
	// OptNameprefix is the target-name-prefix command line option.
	OptNameprefix = "target-name-prefix"

	// DefaultClass is the default cert-class.
	DefaultClass = "gardencert"
)

Variables

This section is empty.

Functions

func CertSourceController

func CertSourceController(source CertSourceType, reconcilerType controller.ReconcilerType) controller.Configuration

CertSourceController creates a CertSource controller.

func CopyDNSRecordsAnnotations added in v0.15.0

func CopyDNSRecordsAnnotations(data resources.ObjectData) (annotations map[string]string)

CopyDNSRecordsAnnotations extracts DNSRecord related annotations.

func DomainsString

func DomainsString(domains []string) string

DomainsString creates a comma separated string.

func ExtractSecretLabels added in v0.12.0

func ExtractSecretLabels(objData resources.ObjectData) (secretLabels map[string]string)

ExtractSecretLabels extracts label key value map from annotation.

func GetDomainsFromAnnotations added in v0.14.0

func GetDomainsFromAnnotations(objData resources.ObjectData, forService bool) (annotatedDomains []string, cn string)

GetDomainsFromAnnotations gets the annotated DNS names (DNS names from the annotation "cert.gardener.cloud/dnsnames" or alternatively "dns.gardener.cloud/dnsnames") and the optional common name. The common name is added to the returned domain list.

func MasterResourcesType

func MasterResourcesType(kind schema.GroupKind) reconcilers.Resources

MasterResourcesType creates the master resource type interfaces function.

func SlaveReconcilerType

func SlaveReconcilerType(c controller.Interface) (reconcile.Interface, error)

SlaveReconcilerType creates a slaveReconciler.

func SrcReconciler added in v0.2.10

func SrcReconciler(sourceType CertSourceType, rtype controller.ReconcilerType) controller.ReconcilerType

SrcReconciler creates a source reconciler.

Types

type CertCurrentState

type CertCurrentState struct {
	CertStates map[types.NamespacedName]*CertState
}

CertCurrentState contains the current state.

func (*CertCurrentState) ContainsSecretName

func (s *CertCurrentState) ContainsSecretName(name types.NamespacedName) bool

ContainsSecretName returns true if secret name is in map.

type CertFeedback

type CertFeedback interface {
	Succeeded()
	Pending(info *CertInfo, msg string)
	Ready(info *CertInfo, msg string)
	Failed(info *CertInfo, err error)
}

CertFeedback is an interface for reporting certificate status.

func NewEventFeedback

func NewEventFeedback(logger logger.LogContext, obj resources.Object, events map[string]string) CertFeedback

NewEventFeedback creates a new EventFeedback.

type CertInfo

type CertInfo struct {
	SecretName          types.NamespacedName
	Domains             []string
	IssuerName          *string
	FollowCNAME         bool
	SecretLabels        map[string]string
	PreferredChain      string
	PrivateKeyAlgorithm string
	PrivateKeySize      int
	Annotations         map[string]string
}

CertInfo contains basic certificate data.

func (CertInfo) DomainsString

func (info CertInfo) DomainsString() string

DomainsString returns all domains (common name and DNS names) as a comma-separated string.

type CertSource

type CertSource interface {
	Start() error
	Setup() error

	CreateCertFeedback(logger logger.LogContext, obj resources.Object) CertFeedback
	GetCertsInfo(logger logger.LogContext, objData resources.ObjectData) (*CertsInfo, error)

	Delete(logger logger.LogContext, obj resources.Object) reconcile.Status
	Deleted(logger logger.LogContext, key resources.ClusterObjectKey)
}

CertSource is the interface implemented by a certificate source.

type CertSourceCreator

type CertSourceCreator func(controller.Interface) (CertSource, error)

CertSourceCreator is type for creator.

type CertSourceType

type CertSourceType interface {
	Name() string
	GroupKind() schema.GroupKind
	Create(controller.Interface) (CertSource, error)
}

CertSourceType provides basic functionality.

func NewCertSourceTypeForCreator

func NewCertSourceTypeForCreator(name string, kind schema.GroupKind, handler CertSourceCreator) CertSourceType

NewCertSourceTypeForCreator creates CertSourceType for creator.

func NewCertSourceTypeForExtractor

func NewCertSourceTypeForExtractor(name string, kind schema.GroupKind, handler CertTargetExtractor) CertSourceType

NewCertSourceTypeForExtractor creates CertSourceType for extractor.

type CertState

type CertState struct {
	// Spec is original spec from CR.
	Spec api.CertificateSpec
	// State is the state string.
	State string
	// Message is the optional status or error message.
	Message *string
	// CreationTimestamp contains the creation timestamp of the certificate.
	CreationTimestamp metav1.Time
}

CertState contains internal certificate state.

type CertTargetExtractor

type CertTargetExtractor func(logger logger.LogContext, objData resources.ObjectData) (types.NamespacedName, error)

CertTargetExtractor is type for extractor.

type CertsInfo

type CertsInfo struct {
	Certs map[types.NamespacedName]CertInfo
}

CertsInfo contains a map of CertInfo.

func NewCertsInfo added in v0.14.0

func NewCertsInfo() *CertsInfo

NewCertsInfo creates a CertsInfo.

type DefaultCertSource

type DefaultCertSource struct {
	Events map[resources.ClusterObjectKey]map[string]string
	// contains filtered or unexported fields
}

DefaultCertSource is the standard CertSource implementation.

func NewDefaultCertSource

func NewDefaultCertSource(handler CertTargetExtractor) DefaultCertSource

NewDefaultCertSource creates a DefaultCertSource.

func (*DefaultCertSource) CreateCertFeedback added in v0.14.0

func (s *DefaultCertSource) CreateCertFeedback(logger logger.LogContext, obj resources.Object) CertFeedback

CreateCertFeedback creates an event feedback for the given object.

func (*DefaultCertSource) Delete

Delete deletes an object.

func (*DefaultCertSource) Deleted

Deleted performs cleanup.

func (*DefaultCertSource) GetCertsInfo

func (s *DefaultCertSource) GetCertsInfo(logger logger.LogContext, objData resources.ObjectData) (*CertsInfo, error)

GetCertsInfo fills a CertsInfo for an object.

func (*DefaultCertSource) GetEvents

GetEvents returns the events for a cluster object key.

func (*DefaultCertSource) Setup

func (s *DefaultCertSource) Setup() error

Setup is the setup method.

func (*DefaultCertSource) Start

func (s *DefaultCertSource) Start() error

Start is the start method.

type EventFeedback

type EventFeedback struct {
	// contains filtered or unexported fields
}

EventFeedback is a struct to store events.

func (*EventFeedback) Failed

func (f *EventFeedback) Failed(info *CertInfo, err error)

Failed adds a failed event.

func (*EventFeedback) Pending

func (f *EventFeedback) Pending(info *CertInfo, msg string)

Pending adds a pending event.

func (*EventFeedback) Ready

func (f *EventFeedback) Ready(info *CertInfo, msg string)

Ready adds a ready event.

func (*EventFeedback) Succeeded

func (f *EventFeedback) Succeeded()

Succeeded adds a succeeded event.
