controller

package
v0.14.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 5, 2020 License: Apache-2.0 Imports: 23 Imported by: 47

Documentation

Index

Constants

This section is empty.

Variables

Functions

func DefaultItemBasedRateLimiter added in v0.6.0

func DefaultItemBasedRateLimiter() workqueue.RateLimiter

func HandleOwnedResourceNamespacedFunc added in v0.9.0

func HandleOwnedResourceNamespacedFunc(log logr.Logger, queue workqueue.RateLimitingInterface, ownerGVK schema.GroupVersionKind, get func(namespace, name string) (interface{}, error)) func(obj interface{})

func Known

func Known() map[string]Constructor

Known returns a map of the registered controller Constructors

func Register

func Register(name string, fn Constructor)

Register registers a controller constructor with the controller package

Types

type ACMEOptions

type ACMEOptions struct {
	// ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01
	// challenges
	HTTP01SolverImage string

	// HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size
	HTTP01SolverResourceRequestCPU resource.Quantity

	// HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size
	HTTP01SolverResourceRequestMemory resource.Quantity

	// HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size
	HTTP01SolverResourceLimitsCPU resource.Quantity

	// HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size
	HTTP01SolverResourceLimitsMemory resource.Quantity

	// DNS01CheckAuthoritative is a flag for controlling if auth nss are used
	// for checking propagation of an RR. This is the ideal scenario
	DNS01CheckAuthoritative bool

	// DNS01Nameservers is a list of nameservers to use when performing self-checks
	// for ACME DNS01 validations.
	DNS01Nameservers []string
}

type BlockingEventHandler

type BlockingEventHandler struct {
	WorkFunc func(obj interface{})
}

BlockingEventHandler is an implementation of cache.ResourceEventHandler that simply synchronously calls it's WorkFunc upon calls to OnAdd, OnUpdate or OnDelete.

func (*BlockingEventHandler) Enqueue

func (b *BlockingEventHandler) Enqueue(obj interface{})

func (*BlockingEventHandler) OnAdd

func (b *BlockingEventHandler) OnAdd(obj interface{})

func (*BlockingEventHandler) OnDelete

func (b *BlockingEventHandler) OnDelete(obj interface{})

func (*BlockingEventHandler) OnUpdate

func (b *BlockingEventHandler) OnUpdate(old, new interface{})

type Builder added in v0.10.0

type Builder struct {
	// contains filtered or unexported fields
}

Builder is used to build controllers that implement the queuingController interface

func NewBuilder added in v0.10.0

func NewBuilder(controllerctx *Context, name string) *Builder

New creates a basic Builder, setting the sync call to the one given

func (*Builder) Complete added in v0.10.0

func (b *Builder) Complete() (Interface, error)

func (*Builder) First added in v0.14.0

func (b *Builder) First(function func(context.Context)) *Builder

First will register a function that will be called once, after the controller has been initialised. They are queued, run sequentially, and block "With" runDurationFuncs from running until all are complete.

func (*Builder) For added in v0.10.0

func (b *Builder) For(ctrl queueingController) *Builder

func (*Builder) With added in v0.10.0

func (b *Builder) With(function func(context.Context), duration time.Duration) *Builder

With will register an additional function that should be called every 'duration' alongside the controller. This is useful if a controller needs to periodically run a scheduled task.

type CertificateOptions added in v0.6.0

type CertificateOptions struct {
	// EnableOwnerRef controls whether the certificate is configured as an owner of
	// secret where the effective TLS certificate is stored.
	EnableOwnerRef bool

	// ExperimentalIssuePKCS12, if true, will make the certificates controller
	// create a `keystore.p12` in the Secret resource for each Certificate.
	// This can only be toggled globally, and the keystore will be encrypted
	// with the supplied ExperimentalPKCS12KeystorePassword.
	// This flag is likely to be removed in future in favour of native PKCS12
	// keystore bundle support.
	ExperimentalIssuePKCS12 bool
	// ExperimentalPKCS12KeystorePassword is the password used to encrypt and
	// decrypt PKCS#12 bundles stored in Secret resources.
	// This option only has any affect is ExperimentalIssuePKCS12 is true.
	ExperimentalPKCS12KeystorePassword string

	// ExperimentalIssueJKS, if true, will make the certificates controller
	// create a `keystore.jks` in the Secret resource for each Certificate.
	// This can only be toggled globally, and the keystore will be encrypted
	// with the supplied ExperimentalJKSPassword.
	// This flag is likely to be removed in future in favour of native JKS
	// bundle support.
	ExperimentalIssueJKS bool
	// ExperimentalJKSPassword is the password used to encrypt and
	// decrypt JKS bundles stored in Secret resources.
	// This option only has any affect is ExperimentalIssueJKS is true.
	ExperimentalJKSPassword string
}

type Constructor

type Constructor func(ctx *Context) (Interface, error)

Constructor is a function that creates a new control loop given a controller Context.

type Context

type Context struct {
	// RootContext is the root context for the controller
	RootContext context.Context

	// StopCh is a channel that will be closed when the controller is signalled
	// to exit
	StopCh <-chan struct{}
	// RESTConfig is the loaded Kubernetes apiserver rest client configuration
	RESTConfig *rest.Config
	// Client is a Kubernetes clientset
	Client kubernetes.Interface
	// CMClient is a cert-manager clientset
	CMClient clientset.Interface
	// Recorder to record events to
	Recorder record.EventRecorder

	// KubeSharedInformerFactory can be used to obtain shared
	// SharedIndexInformer instances for Kubernetes types
	KubeSharedInformerFactory kubeinformers.SharedInformerFactory
	// SharedInformerFactory can be used to obtain shared SharedIndexInformer
	// instances
	SharedInformerFactory informers.SharedInformerFactory

	// Namespace is the namespace to operate within.
	// If unset, operates on all namespaces
	Namespace string

	// Clock should be used to access the current time instead of relying on
	// time.Now, to make it easier to test controllers that utilise time
	Clock clock.Clock

	IssuerOptions
	ACMEOptions
	IngressShimOptions
	CertificateOptions
	SchedulerOptions
	WebhookBootstrapOptions
}

Context contains various types that are used by controller implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that controllers can choose themselves which listers are required.

type IngressShimOptions

type IngressShimOptions struct {
	// Default issuer/certificates details consumed by ingress-shim
	DefaultIssuerName                 string
	DefaultIssuerKind                 string
	DefaultIssuerGroup                string
	DefaultAutoCertificateAnnotations []string
}

type Interface

type Interface interface {
	// Run will start a controller. 'workers' should be the  number of
	// independent goroutines for this controller in question that are to be
	// run, and the workers should shut down upon a signal on stopCh.
	// This method should block until all workers have exited cleanly, thus
	// allowing for graceful shutdown of control loops.
	Run(workers int, stopCh <-chan struct{}) error

	// AdditionalInformers is a list of additional informer 'Run' functions
	// that will be started when the shared informer factories 'Start' function
	// is called.
	AdditionalInformers() []RunFunc
}

Interface represents a controller that can be run.

type IssuerOptions

type IssuerOptions struct {
	// ClusterResourceNamespace is the namespace to store resources created by
	// non-namespaced resources (e.g. ClusterIssuer) in.
	ClusterResourceNamespace string

	// ClusterIssuerAmbientCredentials controls whether a cluster issuer should
	// pick up ambient credentials, such as those from metadata services, to
	// construct clients.
	ClusterIssuerAmbientCredentials bool

	// IssuerAmbientCredentials controls whether an issuer should pick up ambient
	// credentials, such as those from metadata services, to construct clients.
	IssuerAmbientCredentials bool

	// RenewBeforeExpiryDuration is the default 'renew before expiry' time for Certificates.
	// Once a certificate is within this duration until expiry, a new Certificate
	// will be attempted to be issued.
	RenewBeforeExpiryDuration time.Duration
}

func (IssuerOptions) CalculateDurationUntilRenew added in v0.7.0

func (o IssuerOptions) CalculateDurationUntilRenew(ctx context.Context, cert *x509.Certificate, crt *cmapi.Certificate) time.Duration

CalculateDurationUntilRenew calculates how long cert-manager should wait to until attempting to renew this certificate resource.

func (IssuerOptions) CanUseAmbientCredentials

func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool

func (IssuerOptions) CertificateNeedsRenew

func (o IssuerOptions) CertificateNeedsRenew(ctx context.Context, cert *x509.Certificate, crt *cmapi.Certificate) bool

func (IssuerOptions) ResourceNamespace

func (o IssuerOptions) ResourceNamespace(iss cmapi.GenericIssuer) string

type QueuingEventHandler

type QueuingEventHandler struct {
	Queue workqueue.RateLimitingInterface
}

QueuingEventHandler is an implementation of cache.ResourceEventHandler that simply queues objects that are added/updated/deleted.

func (*QueuingEventHandler) Enqueue

func (q *QueuingEventHandler) Enqueue(obj interface{})

func (*QueuingEventHandler) OnAdd

func (q *QueuingEventHandler) OnAdd(obj interface{})

func (*QueuingEventHandler) OnDelete

func (q *QueuingEventHandler) OnDelete(obj interface{})

func (*QueuingEventHandler) OnUpdate

func (q *QueuingEventHandler) OnUpdate(old, new interface{})

type RunFunc added in v0.10.0

type RunFunc func(stopCh <-chan struct{})

type SchedulerOptions added in v0.8.0

type SchedulerOptions struct {
	// MaxConcurrentChallenges determines the maximum number of challenges that can be
	// scheduled as 'processing' at once.
	MaxConcurrentChallenges int
}

type WebhookBootstrapOptions added in v0.10.0

type WebhookBootstrapOptions struct {
	// Namespace is the namespace the webhook CA and serving secret will be
	// created in.
	// If not specified, it will default to the same namespace as cert-manager.
	Namespace string

	// CASecretName is the name of the secret containing the webhook's root CA
	CASecretName string

	// ServingSecretName is the name of the secret containing the webhook's
	// serving certificate
	ServingSecretName string

	// DNSNames are the dns names that should be set on the serving certificate
	DNSNames []string
}

Directories

Path Synopsis
ca
Package test contains testing utilities used for constructing fake Contexts which can be used during tests.
Package test contains testing utilities used for constructing fake Contexts which can be used during tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL