driver

package

v0.0.0-...-f859e03 Latest Latest Go to latest Published: Jan 29, 2025 License: Apache-2.0 Imports: 33 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/mortifiedpho/csi-driver-spiffe

Documentation ¶

Index ¶

type Driver
- func New(log logr.Logger, opts Options) (*Driver, error)
- func (d *Driver) Run(ctx context.Context) error
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Driver ¶

type Driver struct {
	// contains filtered or unexported fields
}

Driver is used for running the actual CSI driver. Driver will respond to NodePubishVolume events, and attempt to sign SPIFFE certificates for mounting pod's identity.

func New ¶

func New(log logr.Logger, opts Options) (*Driver, error)

New constructs a new Driver instance.

func (*Driver) Run ¶

func (d *Driver) Run(ctx context.Context) error

Run is a blocking func that runs the CSI driver.

type Options ¶

type Options struct {
	// DriverName is the driver name as installed in Kubernetes.
	DriverName string

	// NodeID is the name of the node the driver is running on.
	NodeID string

	// DataRoot is the path to the in-memory data directory used to store data.
	DataRoot string

	// Endpoint is the endpoint which is used to listen for gRPC requests.
	Endpoint string

	// TrustDomain is the trust domain of this SPIFFE PKI. The TrustDomain will
	// appear in signed certificate's URI SANs.
	TrustDomain string

	// CertificateRequestAnnotations are annotations that are to be added to certificate requests created by the driver
	CertificateRequestAnnotations map[string]string

	// CertificateRequestDuration is the duration CertificateRequests will be
	// requested with.
	// Defaults to 1 hour if empty.
	CertificateRequestDuration time.Duration

	// IssuerRef is the IssuerRef used when creating CertificateRequests.
	IssuerRef *cmmeta.ObjectReference

	// CertificateFileName is the name of the file that the signed certificate
	// will be written to inside the Pod's volume.
	// Default to `tls.crt` if empty.
	CertificateFileName string

	// KeyFileName is the name of the file that the private key will be written
	// to inside the Pod's volume.
	// Default to `tls.key` if empty.
	KeyFileName string

	// CAFileName is the name of the file that the root CA certificates will be
	// written to inside the Pod's volume. Ignored if RootCAs is nil.
	CAFileName string

	// RestConfig is used for interacting with the Kubernetes API server.
	RestConfig *rest.Config

	// RootCAs is optionally used to write root CA certificate data to Pod's
	// volume. If nil, no root CA data is written to Pod's volume. If defined,
	// root CA data will be written to the file with the name defined in
	// CAFileName. If the root CA certificate data changes, all managed volume's
	// file will be updated.
	RootCAs rootca.Interface

	// IssuanceConfigMapName is the name of the ConfigMap to watch for issuance configuration.
	IssuanceConfigMapName string

	// IssuanceConfigMapNamespace is the namespace of the ConfigMap to watch for issuance configuration
	IssuanceConfigMapNamespace string
}

Options holds the Options needed for the CSI driver.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL