Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateAllSecrets
func GenerateAllSecrets(ctx context.Context, sm secretsmanager.Interface, secretConfigs []SecretConfigWithOptions) (map[string]*corev1.Secret, error)
GenerateAllSecrets takes care of generating all secret configs with the given SecretsManager (first CA configs, then the rest).
func SecretsManagerForCluster
func SecretsManagerForCluster(ctx context.Context, logger logr.Logger, clock clock.Clock, c client.Client, cluster *extensionscontroller.Cluster, identity string, secretConfigs []SecretConfigWithOptions) (secretsmanager.Interface, error)
SecretsManagerForCluster initializes a new SecretsManager for the given Cluster. It takes care of rotating CAs among the given secretConfigs in lockstep with all other shoot cluster CAs. It basically makes sure your extension fulfills the requirements for shoot CA rotation when managing secrets with this SecretsManager. I.e., it
- initiates rotation of CAs according to cluster.shoot.status.credentials.rotation.certificateAuthorities.lastInitiationTime
- keeps old CA secrets during CA rotation
- removes old CA secrets on Cleanup() if cluster.shoot.status.credentials.rotation.certificateAuthorities.phase == Completing
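The three rotation rules in the description above, modelled as an added example (not code from Gardener or this package). The types rotationStatus and caSecret and the functions generate and cleanup are hypothetical stand-ins, the timestamps are constructed, and "Preparing" is used as a sample phase other than Completing.

```go
package main

import (
	"fmt"
	"time"
)

// rotationStatus stands in for the two Shoot status fields named above (hypothetical type).
type rotationStatus struct {
	LastInitiationTime *time.Time
	Phase              string
}

// caSecret is a hypothetical, minimal view of one managed CA.
type caSecret struct {
	IssuedAt time.Time
	OldKept  bool // previous CA is still stored, so certificates it signed stay trusted
}

// generate issues a new CA if the current one predates the last initiation, keeping the old one.
func generate(ca caSecret, st rotationStatus, now time.Time) (caSecret, bool) {
	if st.LastInitiationTime == nil || !ca.IssuedAt.Before(*st.LastInitiationTime) {
		return ca, false // no rotation requested, or already rotated for this initiation
	}
	ca.IssuedAt, ca.OldKept = now, true
	return ca, true
}

// cleanup drops the old CA only once the rotation phase is "Completing".
func cleanup(ca caSecret, st rotationStatus) caSecret {
	if st.Phase == "Completing" {
		ca.OldKept = false
	}
	return ca
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed timestamps
	initiated := t0.Add(24 * time.Hour)
	st := rotationStatus{LastInitiationTime: &initiated}
	ca := caSecret{IssuedAt: t0}
	for i, phase := range []string{"Preparing", "Completing"} { // one reconcile per phase
		st.Phase = phase
		next, rotated := generate(ca, st, initiated.Add(time.Duration(i+1)*time.Minute))
		ca = cleanup(next, st)
		fmt.Println(phase, "rotated:", rotated, "old kept:", ca.OldKept)
	}
}
```

Calling generate again for the same initiation time is a no-op, which is what keeps repeated reconciles from issuing a fresh CA each time.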
Types
type SecretConfigWithOptions
type SecretConfigWithOptions struct {
	// Config contains the secret config to generate.
	Config secretutils.ConfigInterface
	// Options contains options for generating Config.
	Options []secretsmanager.GenerateOption
}
SecretConfigWithOptions combines a secret config with options that should be used for generating it.