Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // WantInjectAnnotation is the annotation that specifies that a particular // object wants injection of CAs. It takes the form of a reference to a certificate // as namespace/name. The certificate is expected to have the is-serving-for annotations. WantInjectAnnotation = "certmanager.k8s.io/inject-ca-from" // WantInjectAPIServerCAAnnotation, if set to "true", will make the cainjector // inject the CA certificate for the Kubernetes apiserver into the resource. // It discovers the apiserver's CA by inspecting the service account credentials // mounted into the WantInjectAPIServerCAAnnotation = "certmanager.k8s.io/inject-apiserver-ca" )
var ( MutatingWebhookSetup = injectorSetup{ // contains filtered or unexported fields } ValidatingWebhookSetup = injectorSetup{ // contains filtered or unexported fields } APIServiceSetup = injectorSetup{ // contains filtered or unexported fields } CRDSetup = injectorSetup{ // contains filtered or unexported fields } ControllerNames []string )
Functions ¶
func OwningCertForSecret ¶
func OwningCertForSecret(secret *corev1.Secret) *types.NamespacedName
OwningCertForSecret gets the name of the owning certificate for a given secret, returning nil if no such object exists. Right now, this actually uses a label instead of owner refs, since certmanager doesn't set owner refs on secrets.
func Register ¶
Register registers an injection controller with the given manager, and adds relevant indicies.
func RegisterAll ¶
RegisterALL registers all known injection controllers with the given manager, and adds relevant indicides.
Types ¶
type CertInjector ¶
type CertInjector interface {
// NewTarget creates a new InjectTarget containing an empty underlying object.
NewTarget() InjectTarget
}
CertInjector knows how to create an instance of an InjectTarget for some particular type of inject target. For instance, an implementation might create a InjectTarget containing an empty MutatingWebhookConfiguration. The underlying API object can be populated (via AsObject) using client.Client#Get, and then CAs can be injected with Injectables (representing the various individual webhooks in the config) retrieved with Services.
type InjectTarget ¶
type InjectTarget interface {
// AsObject returns this injectable as an object.
// It should be a pointer suitable for mutation.
AsObject() runtime.Object
// SetCA sets the CA of this target to the given certificate data (in the standard
// PEM format used across Kubernetes). In cases where multiple CA fields exist per
// target (like admission webhook configs), all CAs are set to the given value.
SetCA(data []byte)
}
InjectTarget is a Kubernetes API object that has one or more references to Kubernetes Services with corresponding fields for CA bundles.
type Injectable ¶
type Injectable interface {
}
Injectable is a point in a Kubernetes API object that represents a Kubernetes Service reference with a corresponding spot for a CA bundle.
Source Files