Documentation ¶
Overview ¶
Package csr contains the logic required to generate, create and approve Certificate Signing Requests (CSR) for the Virtual Kubelet instances.
Index ¶
- func Approve(clientSet k8s.Interface, csr *certv1.CertificateSigningRequest, ...) error
- func ApproverHandler(clientset k8s.Interface, reason, message string) func(*certv1.CertificateSigningRequest)
- func CreateCSRResource(ctx context.Context, name string, client kubernetes.Interface, ...) error
- func GenerateVKCSR(name string, csr []byte, signerName string) *certificatesv1.CertificateSigningRequest
- func GetCSRSecret(ctx context.Context, clientset kubernetes.Interface, ...) (secret *v1.Secret, hasCertificate bool, err error)
- func IsApproved(csr *certv1.CertificateSigningRequest) bool
- func PersistCertificates(ctx context.Context, clientset kubernetes.Interface, ...) error
- func StoreCertificate(ctx context.Context, clientset kubernetes.Interface, certificate []byte, ...) error
- type Watcher
- func (r Watcher) RegisterHandler(handler WatcherHandlerFunc)
- func (r Watcher) RegisterHandlerForName(name string, handler WatcherHandlerFunc)
- func (r Watcher) RetrieveCertificate(ctx context.Context, csrName string) ([]byte, error)
- func (r Watcher) Start(ctx context.Context)
- func (r Watcher) UnregisterHandler()
- func (r Watcher) UnregisterHandlerForName(name string)
- type WatcherHandlerFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Approve ¶ added in v0.3.0
func Approve(clientSet k8s.Interface, csr *certv1.CertificateSigningRequest, reason, message string) error
Approve approves the provided CertificateSigningRequest.
func ApproverHandler ¶ added in v0.3.0
func ApproverHandler(clientset k8s.Interface, reason, message string) func(*certv1.CertificateSigningRequest)
ApproverHandler returns an handler to approve CSRs.
func CreateCSRResource ¶ added in v0.3.0
func CreateCSRResource(ctx context.Context, name string, client kubernetes.Interface, nodeName, namespace, distribution string) error
CreateCSRResource creates a CSR Resource for a new Virtual Kubelet instance.
func GenerateVKCSR ¶
func GenerateVKCSR(name string, csr []byte, signerName string) *certificatesv1.CertificateSigningRequest
GenerateVKCSR generate a certificates/v1 CSR resource for a virtual-kubelet name and PEM CSR.
func GetCSRSecret ¶ added in v0.3.0
func GetCSRSecret(ctx context.Context, clientset kubernetes.Interface, nodeName, namespace string) (secret *v1.Secret, hasCertificate bool, err error)
GetCSRSecret returns the secret containing the CSR data.
func IsApproved ¶ added in v0.3.0
func IsApproved(csr *certv1.CertificateSigningRequest) bool
IsApproved returns whether the given CSR is approved (i.e. has a valid certificate).
func PersistCertificates ¶ added in v0.3.0
func PersistCertificates(ctx context.Context, clientset kubernetes.Interface, nodeName, namespace, csrLocation, keyLocation, certLocation string) error
PersistCertificates persists the data stored in the secret into the default path.
func StoreCertificate ¶ added in v0.3.0
func StoreCertificate(ctx context.Context, clientset kubernetes.Interface, certificate []byte, namespace, nodeName string) error
StoreCertificate stores the retrieved certificate into the CSR secret.
Types ¶
type Watcher ¶ added in v0.3.0
type Watcher struct {
// contains filtered or unexported fields
}
Watcher wraps the logic to be notified once a CSR change is detected.
func NewWatcher ¶ added in v0.3.0
NewWatcher initializes a new CSR watcher for the given label selector.
func (Watcher) RegisterHandler ¶ added in v0.3.0
func (r Watcher) RegisterHandler(handler WatcherHandlerFunc)
RegisterHandler registers a new handler executed once a CSR change is detected.
func (Watcher) RegisterHandlerForName ¶ added in v0.3.0
func (r Watcher) RegisterHandlerForName(name string, handler WatcherHandlerFunc)
RegisterHandlerForName registers a new handler executed once a new CSR change with the given name is detected.
func (Watcher) RetrieveCertificate ¶ added in v0.3.0
RetrieveCertificate registers the appropriate handlers and waits for the certificate retrieval.
func (Watcher) UnregisterHandler ¶ added in v0.3.0
func (r Watcher) UnregisterHandler()
UnregisterHandler un-registers the handler executed once a CSR change is detected.
func (Watcher) UnregisterHandlerForName ¶ added in v0.3.0
UnregisterHandlerForName un-registers the handler executed once a CSR change with the given name is detected.
type WatcherHandlerFunc ¶ added in v0.3.0
type WatcherHandlerFunc func(*certv1.CertificateSigningRequest)
WatcherHandlerFunc represents a the function type executed once an approved CSR is observesd by the informer.