watcher

package
v0.0.0-...-67aceb4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SkrTLSName      = "skr-webhook-tls"
	SkrResourceName = "skr-webhook"
)
View Source 
const (
	DomainAnnotation = shared.SKRDomainAnnotation
)

Variables

View Source 
var (
	ErrDomainAnnotationEmpty   = errors.New("domain annotation is empty")
	ErrDomainAnnotationMissing = errors.New("domain annotation is missing")
	ErrIssuerNotFound          = errors.New("no certificate issuer found")
)
View Source 
var ErrGatewayHostWronglyConfigured = errors.New("gateway should have configured exactly one server and one host")

Functions

func ResolveTLSCertName 

func ResolveTLSCertName(kymaName string) string

func ResolveWebhookRuleResources 

func ResolveWebhookRuleResources(resource string, fieldName v1beta2.FieldName) []string

func SecretRequiresRotation 

func SecretRequiresRotation(gatewaySecret *apicorev1.Secret, watcherSecret *apicorev1.Secret) bool

Types

type CertificateConfig 

type CertificateConfig struct {
	// IstioNamespace represents the cluster resource namespace of istio
	IstioNamespace string
	// RemoteSyncNamespace indicates the sync namespace for Kyma and module catalog
	RemoteSyncNamespace string
	// CACertificateName indicates the Name of the CA Root Certificate in the Istio Namespace
	CACertificateName string
	// AdditionalDNSNames indicates the DNS Names which should be added additional to the Subject
	// Alternative Names of each Kyma Certificate
	AdditionalDNSNames []string
	Duration           time.Duration
	RenewBefore        time.Duration
	RenewBuffer        time.Duration
	KeySize            int
}

type CertificateManager 

type CertificateManager struct {
	// contains filtered or unexported fields
}

func NewCertificateManager 

func NewCertificateManager(kcpClient client.Client, kymaName string,
	config CertificateConfig,
) *CertificateManager

NewCertificateManager returns a new CertificateManager, which can be used for creating a cert-manager Certificates.

func (*CertificateManager) CreateSelfSignedCert 

func (c *CertificateManager) CreateSelfSignedCert(ctx context.Context, kyma *v1beta2.Kyma) (*certmanagerv1.Certificate,
	error,
)

CreateSelfSignedCert creates a cert-manager Certificate with a sufficient set of Subject-Alternative-Names.

func (*CertificateManager) Remove 

func (c *CertificateManager) Remove(ctx context.Context) error

Remove removes the certificate including its certificate secret.

func (*CertificateManager) RemoveCertificate 

func (c *CertificateManager) RemoveCertificate(ctx context.Context) error

func (*CertificateManager) RemoveSecretAfterCARotated 

func (c *CertificateManager) RemoveSecretAfterCARotated(ctx context.Context, gatewaySecret *apicorev1.Secret,
	kymaObjKey client.ObjectKey,
) error

type CertificateNotReadyError 

type CertificateNotReadyError struct{}

func (*CertificateNotReadyError) Error 

func (e *CertificateNotReadyError) Error() string

type CertificateSecret 

type CertificateSecret struct {
	CACrt           string
	TLSCrt          string
	TLSKey          string
	ResourceVersion string
}

type GatewayConfig 

type GatewayConfig struct {
	// IstioGatewayName represents the cluster resource name of the klm istio gateway
	IstioGatewayName string
	// IstioGatewayNamespace represents the cluster resource namespace of the klm istio gateway
	IstioGatewayNamespace string
	// LocalGatewayPortOverwrite indicates the port used to expose the KCP cluster locally in k3d
	// for the watcher callbacks
	LocalGatewayPortOverwrite string
}

func (GatewayConfig) ResolveKcpAddr 

func (g GatewayConfig) ResolveKcpAddr(mgr ctrl.Manager) (string, error)

type SKRWebhookManager 

type SKRWebhookManager interface {
	// Install installs the watcher's webhook chart resources on the SKR cluster
	Install(ctx context.Context, kyma *v1beta2.Kyma) error
	// Remove removes the watcher's webhook chart resources from the SKR cluster
	Remove(ctx context.Context, kyma *v1beta2.Kyma) error
}

type SKRWebhookManifestManager 

type SKRWebhookManifestManager struct {
	WatcherMetrics *metrics.WatcherMetrics
	// contains filtered or unexported fields
}

func NewSKRWebhookManifestManager 

func NewSKRWebhookManifestManager(
	kcpClient client.Client,
	skrContextFactory remote.SkrContextProvider,
	managerConfig SkrWebhookManagerConfig,
	certificateConfig CertificateConfig,
	resolvedKcpAddr string,
) (*SKRWebhookManifestManager, error)

func (*SKRWebhookManifestManager) Install 

func (m *SKRWebhookManifestManager) Install(ctx context.Context, kyma *v1beta2.Kyma) error

func (*SKRWebhookManifestManager) Remove 

func (m *SKRWebhookManifestManager) Remove(ctx context.Context, kyma *v1beta2.Kyma) error

type SkrWebhookManagerConfig 

type SkrWebhookManagerConfig struct {
	// SKRWatcherPath represents the path of the webhook resources
	// to be installed on SKR clusters upon reconciling kyma CRs.
	SKRWatcherPath         string
	SkrWatcherImage        string
	SkrWebhookMemoryLimits string
	SkrWebhookCPULimits    string
	RemoteSyncNamespace    string
}

type SubjectAltName 

type SubjectAltName struct {
	DNSNames       []string
	IPAddresses    []string
	URIs           []string
	EmailAddresses []string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.