Documentation
Index
Constants
This section is empty.
Variables
var (
// EventGardenletCertificateRotationFailed is an event reason to describe a failed Gardenlet certificate rotation.
EventGardenletCertificateRotationFailed = "GardenletCertificateRotationFailed"
)
Functions
func GetCurrentCertificate (added in v1.34.0)
func GetCurrentCertificate(log logr.Logger, gardenKubeconfig []byte, gardenClientConnection *config.GardenClientConnection) (*tls.Certificate, error)
GetCurrentCertificate returns the client certificate which is currently used to communicate with the garden cluster.
Types
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager can be used to schedule the certificate rotation for the Gardenlet's Garden cluster client certificate.
func NewCertificateManager
func NewCertificateManager(log logr.Logger, gardenCluster cluster.Cluster, seedClient client.Client, config *config.GardenletConfiguration) (*Manager, error)
NewCertificateManager creates a certificate manager that can be used to rotate the gardenlet's client certificate for the Garden cluster.
func (*Manager) ScheduleCertificateRotation
func (cr *Manager) ScheduleCertificateRotation(ctx context.Context, gardenletCancel context.CancelFunc, recorder record.EventRecorder) error
ScheduleCertificateRotation waits until the currently used Garden cluster client certificate approaches expiration. It then requests a new certificate and stores the resulting kubeconfig in a secret (`gardenClientConnection.kubeconfigSecret`) on the Seed. The gardenletCancel argument is a context.CancelFunc that cancels the Gardenlet's context; it is used for graceful termination after a successful certificate rotation. When the new gardenlet pod starts, it uses the rotated certificate stored in the secret in the Seed cluster.