Constants ¶
// #nosec: disable gas linter
//
// Every value in this block is an identifier (a secret type, an annotation key
// or a file name inside the secret), not credential material, which is
// presumably why the gas linter is silenced for the block.
const (
	// IstioSecretType is the Istio secret annotation type.
	IstioSecretType = "istio.io/key-and-cert"
	// ServiceAccountNameAnnotationKey is the annotation key on a K8s secret
	// that names the corresponding service account.
	ServiceAccountNameAnnotationKey = "istio.io/service-account.name"

	// IDs (file names) under which the certificate material is stored.
	CertChainID  = "cert-chain.pem" // certificate chain
	PrivateKeyID = "key.pem"        // private key
	RootCertID   = "root-cert.pem"  // CA root certificate
)
Functions ¶
func ConstructCustomDNSNames ¶
func ConstructCustomDNSNames(serviceAccounts []string, serviceNames []string, namespace string, customDNSNames string) map[string]*DNSNameEntry
ConstructCustomDNSNames creates DNS entries for the given service accounts and allows customization of the DNS names used in the certificate SAN field. By default the DNS names used in the SAN field are of the form service.namespace and service.namespace.svc. When a custom DNS name is specified, we set an additional DNS SAN for the service account. The customDNSNames string contains a comma-separated list of entries, each formatted as <service-account-name>:<custom-DNS-value-for-SAN>.
func GetSecretName ¶
GetSecretName returns the secret name for a given service account name.
Types ¶
type DNSNameEntry ¶
// DNSNameEntry stores the service name and namespace used to construct the
// DNS identity. Service accounts matching ServiceName and Namespace receive
// additional DNS SANs: ServiceName.Namespace.svc, ServiceName.Namespace and,
// optionally, each entry of CustomDomains. This is intended for control-plane
// and trusted services.
type DNSNameEntry struct {
	// ServiceName is the name of the service account to match.
	ServiceName string
	// Namespace restricts the match to a specific namespace.
	Namespace string
	// CustomDomains lists user-defined domains added as extra DNS SANs.
	// Each entry becomes a name the issued certificate is valid for, so
	// entries should be limited to trusted services.
	CustomDomains []string
}
type SecretController ¶
type SecretController struct {
// contains filtered or unexported fields
}
SecretController manages the service accounts' secrets that contain Istio keys and certificates.
func NewSecretController ¶
func NewSecretController(ca ca.CertificateAuthority, requireOptIn bool, certTTL time.Duration, gracePeriodRatio float32, minGracePeriod time.Duration, dualUse bool, core corev1.CoreV1Interface, forCA bool, pkcs8Key bool, namespaces []string, dnsNames map[string]*DNSNameEntry) (*SecretController, error)
NewSecretController returns a pointer to a newly constructed SecretController instance.
func (*SecretController) Run ¶
func (sc *SecretController) Run(stopCh chan struct{})
Run starts the SecretController until a value is sent to stopCh.