Documentation
¶
Overview ¶
Package localrenwercontroller implements the controller for managing certificate renewals for local Identity resources. It monitors Identity objects and creates Renew objects when certificates need to be renewed.
The controller is responsible for: * Monitoring Identity objects and their certificates * Determining when certificates need renewal based on their lifetime * Creating and managing Renew objects for certificate renewal * Handling manual renewal requests via the "liqo.io/renew" annotation
Certificate renewal is triggered in two ways: 1. Automatically when a certificate reaches 2/3 of its lifetime 2. Manually when an Identity is annotated with "liqo.io/renew: true"
The controller implements an adaptive requeue mechanism that adjusts the check frequency based on how close the certificate is to requiring renewal.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type LocalRenewerReconciler ¶
type LocalRenewerReconciler struct {
client.Client
Scheme *runtime.Scheme
LiqoNamespace string
LocalClusterID liqov1beta1.ClusterID
// contains filtered or unexported fields
}
LocalRenewerReconciler reconciles an Identity object.
func NewLocalRenewerReconciler ¶
func NewLocalRenewerReconciler(cl client.Client, s *runtime.Scheme, liqoNamespace string, localClusterID liqov1beta1.ClusterID, recorder record.EventRecorder) *LocalRenewerReconciler
NewLocalRenewerReconciler returns a new LocalRenewerReconciler.
func (*LocalRenewerReconciler) Reconcile ¶
func (r *LocalRenewerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile implements the logic to determine if an Identity should be renewed, and enforces the creation of a Renew object if needed. It also removes the current Renew object if the Identity does not need renewal anymore.
The function first retrieves the Identity object and checks if it should be renewed using the shouldRenew function. Renewal can be triggered either by the presence of a "liqo.io/renew" annotation set to true, or by the certificate approaching its expiration time (2/3 of its lifetime).
If the Identity does not need renewal, it removes the current Renew object if present and returns a requeue time calculated by the shouldRenew function.
If the Identity needs renewal, the function creates a Renew object and returns a nil error. If an error occurs during the process, the function logs the error and returns it.
func (*LocalRenewerReconciler) SetupWithManager ¶
func (r *LocalRenewerReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
Source Files