secretfetcher

package

v0.0.0-...-edfa39e Latest Latest Go to latest Published: Jan 28, 2019 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/simpleusd/istio

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type SecretFetcher
- func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool, ...) (*SecretFetcher, error)

Constants ¶

View Source

const (

	// IngressSecretType the type of kubernetes secrets for ingress gateway.
	IngressSecretType = "istio.io/ingress-key-cert"

	// KubeConfigFile the config file name for kubernetes client.
	// Specifies empty file name to use InClusterConfig.
	KubeConfigFile = ""

	// The ID/name for the certificate chain in kubernetes secret.
	ScrtCert = "cert"
	// The ID/name for the k8sKey in kubernetes secret.
	ScrtKey = "key"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type SecretFetcher ¶

type SecretFetcher struct {
	// If UseCaClient is true, use caClient to send CSR to CA.
	UseCaClient bool
	CaClient    caClientInterface.Client

	// Delete all entries containing secretName in SecretCache. Called when K8S secret is deleted.
	DeleteCache func(secretName string)
	// Update all entries containing secretName in SecretCache. Called when K8S secret is updated.
	UpdateCache func(secretName string, ns model.SecretItem)
	// contains filtered or unexported fields
}

SecretFetcher fetches secret via watching k8s secrets or sending CSR to CA.

func NewSecretFetcher ¶

func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool,
	tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)

NewSecretFetcher returns a pointer to a newly constructed SecretFetcher instance.

func (*SecretFetcher) AddSecret ¶

func (sf *SecretFetcher) AddSecret(obj interface{})

AddSecret adds obj into local store. Only used for testing.

func (*SecretFetcher) FindIngressGatewaySecret ¶

func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)

FindIngressGatewaySecret returns the secret for a k8sKeyA, or empty secret if no secret is present. The ok result indicates whether secret was found.

func (*SecretFetcher) Init ¶

func (sf *SecretFetcher) Init(core corev1.CoreV1Interface)

Init initializes SecretFetcher to watch kubernetes secrets.

func (*SecretFetcher) Run ¶

func (sf *SecretFetcher) Run(ch chan struct{})

Run starts the SecretFetcher until a value is sent to ch. Only used when watching kubernetes gateway secrets.

Source Files ¶

View all Source files

secretfetcher.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL