Documentation ¶
Index ¶
- Constants
- Variables
- func DefaultItemBasedRateLimiter() workqueue.RateLimiter
- func Known() map[string]Constructor
- func NameForIssuer(i v1alpha1.GenericIssuer) (string, error)
- func Register(name string, fn Constructor)
- func RegisterIssuer(name string, c IssuerConstructor)
- type ACMEOptions
- type BlockingEventHandler
- type CertificateOptions
- type Constructor
- type Context
- type Helper
- type IngressShimOptions
- type Interface
- type IssuerConstructor
- type IssuerFactory
- type IssuerOptions
- type QueuingEventHandler
Constants ¶
const ( // IssuerACME is the name of the ACME issuer IssuerACME string = "acme" // IssuerCA is the name of the simple issuer IssuerCA string = "ca" // IssuerVault is the name of the Vault issuer IssuerVault string = "vault" // IssuerSelfSigned is a self signing issuer IssuerSelfSigned string = "selfsigned" )
Variables ¶
var (
KeyFunc = cache.DeletionHandlingMetaNamespaceKeyFunc
)
Functions ¶
func DefaultItemBasedRateLimiter ¶ added in v0.6.0
func DefaultItemBasedRateLimiter() workqueue.RateLimiter
func Known ¶
func Known() map[string]Constructor
Known returns a map of the registered controller Constructors
func NameForIssuer ¶
func NameForIssuer(i v1alpha1.GenericIssuer) (string, error)
nameForIssuer determines the name of the issuer implementation given an Issuer resource.
func Register ¶
func Register(name string, fn Constructor)
Register registers a controller constructor with the controller package
func RegisterIssuer ¶
func RegisterIssuer(name string, c IssuerConstructor)
Register will register an issuer constructor so it can be used within the application. 'name' should be unique, and should be used to identify this issuer. TODO: move this method to be on Factory, and invent a way to obtain a SharedFactory. This will make testing easier.
Types ¶
type ACMEOptions ¶
type ACMEOptions struct { // ACMEHTTP01SolverImage is the image to use for solving ACME HTTP01 // challenges HTTP01SolverImage string // HTTP01SolverResourceRequestCPU defines the ACME pod's resource request CPU size HTTP01SolverResourceRequestCPU resource.Quantity // HTTP01SolverResourceRequestMemory defines the ACME pod's resource request Memory size HTTP01SolverResourceRequestMemory resource.Quantity // HTTP01SolverResourceLimitsCPU defines the ACME pod's resource limits CPU size HTTP01SolverResourceLimitsCPU resource.Quantity // HTTP01SolverResourceLimitsMemory defines the ACME pod's resource limits Memory size HTTP01SolverResourceLimitsMemory resource.Quantity // DNS01CheckAuthoritative is a flag for controlling if auth nss are used // for checking propogation of an RR. This is the ideal scenario DNS01CheckAuthoritative bool // DNS01Nameservers is a list of nameservers to use when performing self-checks // for ACME DNS01 validations. DNS01Nameservers []string }
type BlockingEventHandler ¶
type BlockingEventHandler struct {
WorkFunc func(obj interface{})
}
BlockingEventHandler is an implementation of cache.ResourceEventHandler that simply synchronously calls it's WorkFunc upon calls to OnAdd, OnUpdate or OnDelete.
func (*BlockingEventHandler) Enqueue ¶
func (b *BlockingEventHandler) Enqueue(obj interface{})
func (*BlockingEventHandler) OnAdd ¶
func (b *BlockingEventHandler) OnAdd(obj interface{})
func (*BlockingEventHandler) OnDelete ¶
func (b *BlockingEventHandler) OnDelete(obj interface{})
func (*BlockingEventHandler) OnUpdate ¶
func (b *BlockingEventHandler) OnUpdate(old, new interface{})
type CertificateOptions ¶ added in v0.6.0
type CertificateOptions struct { // EnableOwnerRef controls wheter wheter the certificate is configured as an owner of // secret where the effective TLS certificate is stored. EnableOwnerRef bool }
type Constructor ¶
Constructor is a function that creates a new control loop given a controller Context.
type Context ¶
type Context struct { // Client is a Kubernetes clientset Client kubernetes.Interface // CMClient is a cert-manager clientset CMClient clientset.Interface // Recorder to record events to Recorder record.EventRecorder // SharedIndexInformer instances for Kubernetes types KubeSharedInformerFactory kubeinformers.SharedInformerFactory // instances SharedInformerFactory informers.SharedInformerFactory // Namespace is the namespace to operate within. // If unset, operates on all namespaces Namespace string IssuerOptions ACMEOptions IngressShimOptions CertificateOptions }
Context contains various types that are used by controller implementations. We purposely don't have specific informers/listers here, and instead keep a reference to a SharedInformerFactory so that controllers can choose themselves which listers are required.
func (*Context) IssuerFactory ¶
func (c *Context) IssuerFactory() IssuerFactory
type Helper ¶
type Helper interface {
GetGenericIssuer(ref cmapi.ObjectReference, ns string) (cmapi.GenericIssuer, error)
}
func NewHelper ¶
func NewHelper(issuerLister cmlisters.IssuerLister, clusterIssuerLister cmlisters.ClusterIssuerLister) Helper
NewHelper will construct a new instance of a Helper using values supplied on the provided controller context.
type IngressShimOptions ¶
type Interface ¶
Interface represents a controller that can run. 'workers' should be the number of independent goroutines for this controller in question that are to be run, and the workers should shut down upon a signal on stopCh. This method should block until all workers have exited cleanly, thus allowing for graceful shutdown of control loops.
type IssuerConstructor ¶
issuerConstructor constructs an issuer given an Issuer resource and a Context. An error will be returned if the appropriate issuer is not registered.
type IssuerFactory ¶
type IssuerFactory interface {
IssuerFor(v1alpha1.GenericIssuer) (issuer.Interface, error)
}
IssuerFactory is an interface that can be used to obtain Issuer implementations. It determines which issuer implementation to use by introspecting the given Issuer resource.
func NewIssuerFactory ¶
func NewIssuerFactory(ctx *Context) IssuerFactory
NewIssuerFactory returns a new issuer factory with the given issuer context. The context will be injected into each Issuer upon creation.
type IssuerOptions ¶
type IssuerOptions struct { // ClusterResourceNamespace is the namespace to store resources created by // non-namespaced resources (e.g. ClusterIssuer) in. ClusterResourceNamespace string // ClusterIssuerAmbientCredentials controls whether a cluster issuer should // pick up ambient credentials, such as those from metadata services, to // construct clients. ClusterIssuerAmbientCredentials bool // IssuerAmbientCredentials controls whether an issuer should pick up ambient // credentials, such as those from metadata services, to construct clients. IssuerAmbientCredentials bool // RenewBeforeExpiryDuration is the default 'renew before expiry' time for Certificates. // Once a certificate is within this duration until expiry, a new Certificate // will be attempted to be issued. RenewBeforeExpiryDuration time.Duration }
func (IssuerOptions) CanUseAmbientCredentials ¶
func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool
func (IssuerOptions) CertificateNeedsRenew ¶
func (o IssuerOptions) CertificateNeedsRenew(cert *x509.Certificate, renewBefore *metav1.Duration) bool
func (IssuerOptions) ResourceNamespace ¶
func (o IssuerOptions) ResourceNamespace(iss cmapi.GenericIssuer) string
type QueuingEventHandler ¶
type QueuingEventHandler struct {
Queue workqueue.RateLimitingInterface
}
QueuingEventHandler is an implementation of cache.ResourceEventHandler that simply queues objects that are added/updated/deleted.
func (*QueuingEventHandler) Enqueue ¶
func (q *QueuingEventHandler) Enqueue(obj interface{})
func (*QueuingEventHandler) OnAdd ¶
func (q *QueuingEventHandler) OnAdd(obj interface{})
func (*QueuingEventHandler) OnDelete ¶
func (q *QueuingEventHandler) OnDelete(obj interface{})
func (*QueuingEventHandler) OnUpdate ¶
func (q *QueuingEventHandler) OnUpdate(old, new interface{})
Directories ¶
Path | Synopsis |
---|---|
Package test contains testing utilities used for constructing fake Contexts which can be used during tests.
|
Package test contains testing utilities used for constructing fake Contexts which can be used during tests. |