Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the certificates.mesh.gloo.solo.io v1 API group.
+k8s:deepcopy-gen=package,register
+groupName=certificates.mesh.gloo.solo.io
NOTE: Boilerplate only. Ignore this file. Used to register the Go types with the Kubernetes internal scheme
Definitions for the Kubernetes types ¶
Definitions for the Kubernetes types
Index ¶
- Variables
- func AddToScheme(s *runtime.Scheme) error
- func NewCertificateRequestClient(client client.Client) *certificateRequestClient
- func NewIssuedCertificateClient(client client.Client) *issuedCertificateClient
- func NewPodBounceDirectiveClient(client client.Client) *podBounceDirectiveClient
- func Resource(resource string) schema.GroupResource
- type CertificateRequest
- type CertificateRequestClient
- type CertificateRequestList
- type CertificateRequestReader
- type CertificateRequestSlice
- type CertificateRequestSpec
- func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec)
- func (*CertificateRequestSpec) Descriptor() ([]byte, []int)deprecated
- func (m *CertificateRequestSpec) Equal(that interface{}) bool
- func (x *CertificateRequestSpec) GetCertificateSigningRequest() []byte
- func (this *CertificateRequestSpec) MarshalJSON() ([]byte, error)
- func (*CertificateRequestSpec) ProtoMessage()
- func (x *CertificateRequestSpec) ProtoReflect() protoreflect.Message
- func (x *CertificateRequestSpec) Reset()
- func (x *CertificateRequestSpec) String() string
- func (this *CertificateRequestSpec) UnmarshalJSON(b []byte) error
- type CertificateRequestStatus
- func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus)
- func (*CertificateRequestStatus) Descriptor() ([]byte, []int)deprecated
- func (m *CertificateRequestStatus) Equal(that interface{}) bool
- func (x *CertificateRequestStatus) GetCertChain() []byte
- func (x *CertificateRequestStatus) GetError() string
- func (x *CertificateRequestStatus) GetObservedGeneration() int64
- func (x *CertificateRequestStatus) GetSignedCertificate() []byte
- func (x *CertificateRequestStatus) GetSigningRootCa() []byte
- func (x *CertificateRequestStatus) GetState() CertificateRequestStatus_State
- func (this *CertificateRequestStatus) MarshalJSON() ([]byte, error)
- func (*CertificateRequestStatus) ProtoMessage()
- func (x *CertificateRequestStatus) ProtoReflect() protoreflect.Message
- func (x *CertificateRequestStatus) Reset()
- func (x *CertificateRequestStatus) String() string
- func (this *CertificateRequestStatus) UnmarshalJSON(b []byte) error
- type CertificateRequestStatusWriter
- type CertificateRequestStatus_State
- func (CertificateRequestStatus_State) Descriptor() protoreflect.EnumDescriptor
- func (x CertificateRequestStatus_State) Enum() *CertificateRequestStatus_State
- func (CertificateRequestStatus_State) EnumDescriptor() ([]byte, []int)deprecated
- func (x CertificateRequestStatus_State) Number() protoreflect.EnumNumber
- func (x CertificateRequestStatus_State) String() string
- func (CertificateRequestStatus_State) Type() protoreflect.EnumType
- type CertificateRequestTransitionFunction
- type CertificateRequestWriter
- type Clientset
- type CommonCertOptions
- func (*CommonCertOptions) Descriptor() ([]byte, []int)deprecated
- func (m *CommonCertOptions) Equal(that interface{}) bool
- func (x *CommonCertOptions) GetOrgName() string
- func (x *CommonCertOptions) GetRsaKeySizeBytes() uint32
- func (x *CommonCertOptions) GetSecretRotationGracePeriodRatio() float32
- func (x *CommonCertOptions) GetTtlDays() uint32
- func (*CommonCertOptions) ProtoMessage()
- func (x *CommonCertOptions) ProtoReflect() protoreflect.Message
- func (x *CommonCertOptions) Reset()
- func (x *CommonCertOptions) String() string
- type IntermediateCertificateAuthority
- func (*IntermediateCertificateAuthority) Descriptor() ([]byte, []int)deprecated
- func (m *IntermediateCertificateAuthority) Equal(that interface{}) bool
- func (m *IntermediateCertificateAuthority) GetCaSource() isIntermediateCertificateAuthority_CaSource
- func (x *IntermediateCertificateAuthority) GetVault() *VaultCA
- func (*IntermediateCertificateAuthority) ProtoMessage()
- func (x *IntermediateCertificateAuthority) ProtoReflect() protoreflect.Message
- func (x *IntermediateCertificateAuthority) Reset()
- func (x *IntermediateCertificateAuthority) String() string
- type IntermediateCertificateAuthority_Vault
- type IssuedCertificate
- type IssuedCertificateClient
- type IssuedCertificateList
- type IssuedCertificateReader
- type IssuedCertificateSlice
- type IssuedCertificateSpec
- func (in *IssuedCertificateSpec) DeepCopyInto(out *IssuedCertificateSpec)
- func (*IssuedCertificateSpec) Descriptor() ([]byte, []int)deprecated
- func (m *IssuedCertificateSpec) Equal(that interface{}) bool
- func (x *IssuedCertificateSpec) GetAgentCa() *IntermediateCertificateAuthority
- func (x *IssuedCertificateSpec) GetCertOptions() *CommonCertOptions
- func (m *IssuedCertificateSpec) GetCertificateAuthority() isIssuedCertificateSpec_CertificateAuthority
- func (x *IssuedCertificateSpec) GetGlooMeshCa() *RootCertificateAuthority
- func (x *IssuedCertificateSpec) GetHosts() []string
- func (x *IssuedCertificateSpec) GetIssuedCertificateSecret() *v1.ObjectRef
- func (x *IssuedCertificateSpec) GetOrg() string
- func (x *IssuedCertificateSpec) GetPodBounceDirective() *v1.ObjectRef
- func (x *IssuedCertificateSpec) GetSigningCertificateSecret() *v1.ObjectRef
- func (this *IssuedCertificateSpec) MarshalJSON() ([]byte, error)
- func (*IssuedCertificateSpec) ProtoMessage()
- func (x *IssuedCertificateSpec) ProtoReflect() protoreflect.Message
- func (x *IssuedCertificateSpec) Reset()
- func (x *IssuedCertificateSpec) String() string
- func (this *IssuedCertificateSpec) UnmarshalJSON(b []byte) error
- type IssuedCertificateSpec_AgentCa
- type IssuedCertificateSpec_GlooMeshCa
- type IssuedCertificateStatus
- func (in *IssuedCertificateStatus) DeepCopyInto(out *IssuedCertificateStatus)
- func (*IssuedCertificateStatus) Descriptor() ([]byte, []int)deprecated
- func (m *IssuedCertificateStatus) Equal(that interface{}) bool
- func (x *IssuedCertificateStatus) GetError() string
- func (x *IssuedCertificateStatus) GetObservedGeneration() int64
- func (x *IssuedCertificateStatus) GetState() IssuedCertificateStatus_State
- func (this *IssuedCertificateStatus) MarshalJSON() ([]byte, error)
- func (*IssuedCertificateStatus) ProtoMessage()
- func (x *IssuedCertificateStatus) ProtoReflect() protoreflect.Message
- func (x *IssuedCertificateStatus) Reset()
- func (x *IssuedCertificateStatus) String() string
- func (this *IssuedCertificateStatus) UnmarshalJSON(b []byte) error
- type IssuedCertificateStatusWriter
- type IssuedCertificateStatus_State
- func (IssuedCertificateStatus_State) Descriptor() protoreflect.EnumDescriptor
- func (x IssuedCertificateStatus_State) Enum() *IssuedCertificateStatus_State
- func (IssuedCertificateStatus_State) EnumDescriptor() ([]byte, []int)deprecated
- func (x IssuedCertificateStatus_State) Number() protoreflect.EnumNumber
- func (x IssuedCertificateStatus_State) String() string
- func (IssuedCertificateStatus_State) Type() protoreflect.EnumType
- type IssuedCertificateTransitionFunction
- type IssuedCertificateWriter
- type MulticlusterCertificateRequestClient
- type MulticlusterClientset
- type MulticlusterIssuedCertificateClient
- type MulticlusterPodBounceDirectiveClient
- type PodBounceDirective
- type PodBounceDirectiveClient
- type PodBounceDirectiveList
- type PodBounceDirectiveReader
- type PodBounceDirectiveSlice
- type PodBounceDirectiveSpec
- func (in *PodBounceDirectiveSpec) DeepCopyInto(out *PodBounceDirectiveSpec)
- func (*PodBounceDirectiveSpec) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveSpec) Equal(that interface{}) bool
- func (x *PodBounceDirectiveSpec) GetPodsToBounce() []*PodBounceDirectiveSpec_PodSelector
- func (this *PodBounceDirectiveSpec) MarshalJSON() ([]byte, error)
- func (*PodBounceDirectiveSpec) ProtoMessage()
- func (x *PodBounceDirectiveSpec) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveSpec) Reset()
- func (x *PodBounceDirectiveSpec) String() string
- func (this *PodBounceDirectiveSpec) UnmarshalJSON(b []byte) error
- type PodBounceDirectiveSpec_PodSelector
- func (*PodBounceDirectiveSpec_PodSelector) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveSpec_PodSelector) Equal(that interface{}) bool
- func (x *PodBounceDirectiveSpec_PodSelector) GetLabels() map[string]string
- func (x *PodBounceDirectiveSpec_PodSelector) GetNamespace() string
- func (x *PodBounceDirectiveSpec_PodSelector) GetRootCertSync() *PodBounceDirectiveSpec_PodSelector_RootCertSync
- func (x *PodBounceDirectiveSpec_PodSelector) GetWaitForReplicas() uint32
- func (*PodBounceDirectiveSpec_PodSelector) ProtoMessage()
- func (x *PodBounceDirectiveSpec_PodSelector) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveSpec_PodSelector) Reset()
- func (x *PodBounceDirectiveSpec_PodSelector) String() string
- type PodBounceDirectiveSpec_PodSelector_RootCertSync
- func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveSpec_PodSelector_RootCertSync) Equal(that interface{}) bool
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapKey() string
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapRef() *v1.ObjectRef
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretKey() string
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretRef() *v1.ObjectRef
- func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoMessage()
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) Reset()
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) String() string
- type PodBounceDirectiveStatus
- func (in *PodBounceDirectiveStatus) DeepCopyInto(out *PodBounceDirectiveStatus)
- func (*PodBounceDirectiveStatus) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveStatus) Equal(that interface{}) bool
- func (x *PodBounceDirectiveStatus) GetPodsBounced() []*PodBounceDirectiveStatus_BouncedPodSet
- func (this *PodBounceDirectiveStatus) MarshalJSON() ([]byte, error)
- func (*PodBounceDirectiveStatus) ProtoMessage()
- func (x *PodBounceDirectiveStatus) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveStatus) Reset()
- func (x *PodBounceDirectiveStatus) String() string
- func (this *PodBounceDirectiveStatus) UnmarshalJSON(b []byte) error
- type PodBounceDirectiveStatusWriter
- type PodBounceDirectiveStatus_BouncedPodSet
- func (*PodBounceDirectiveStatus_BouncedPodSet) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveStatus_BouncedPodSet) Equal(that interface{}) bool
- func (x *PodBounceDirectiveStatus_BouncedPodSet) GetBouncedPods() []string
- func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoMessage()
- func (x *PodBounceDirectiveStatus_BouncedPodSet) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveStatus_BouncedPodSet) Reset()
- func (x *PodBounceDirectiveStatus_BouncedPodSet) String() string
- type PodBounceDirectiveTransitionFunction
- type PodBounceDirectiveWriter
- type RootCertificateAuthority
- func (*RootCertificateAuthority) Descriptor() ([]byte, []int)deprecated
- func (m *RootCertificateAuthority) Equal(that interface{}) bool
- func (m *RootCertificateAuthority) GetCertificateAuthority() isRootCertificateAuthority_CertificateAuthority
- func (x *RootCertificateAuthority) GetSigningCertificateSecret() *v1.ObjectRef
- func (*RootCertificateAuthority) ProtoMessage()
- func (x *RootCertificateAuthority) ProtoReflect() protoreflect.Message
- func (x *RootCertificateAuthority) Reset()
- func (x *RootCertificateAuthority) String() string
- type RootCertificateAuthority_SigningCertificateSecret
- type VaultCA
- func (*VaultCA) Descriptor() ([]byte, []int)deprecated
- func (m *VaultCA) Equal(that interface{}) bool
- func (m *VaultCA) GetAuthType() isVaultCA_AuthType
- func (x *VaultCA) GetCaBundle() []byte
- func (x *VaultCA) GetCaPath() string
- func (x *VaultCA) GetCsrPath() string
- func (x *VaultCA) GetKubernetesAuth() *VaultKubernetesAuth
- func (x *VaultCA) GetNamespace() string
- func (x *VaultCA) GetServer() string
- func (x *VaultCA) GetTokenSecretRef() *v1.ObjectRef
- func (*VaultCA) ProtoMessage()
- func (x *VaultCA) ProtoReflect() protoreflect.Message
- func (x *VaultCA) Reset()
- func (x *VaultCA) String() string
- type VaultCA_KubernetesAuth
- type VaultCA_TokenSecretRef
- type VaultKubernetesAuth
- func (*VaultKubernetesAuth) Descriptor() ([]byte, []int)deprecated
- func (m *VaultKubernetesAuth) Equal(that interface{}) bool
- func (x *VaultKubernetesAuth) GetMountPath() string
- func (x *VaultKubernetesAuth) GetMountedSaPath() string
- func (x *VaultKubernetesAuth) GetRole() string
- func (x *VaultKubernetesAuth) GetSecretTokenKey() string
- func (m *VaultKubernetesAuth) GetServiceAccountLocation() isVaultKubernetesAuth_ServiceAccountLocation
- func (x *VaultKubernetesAuth) GetServiceAccountRef() *v1.ObjectRef
- func (*VaultKubernetesAuth) ProtoMessage()
- func (x *VaultKubernetesAuth) ProtoReflect() protoreflect.Message
- func (x *VaultKubernetesAuth) Reset()
- func (x *VaultKubernetesAuth) String() string
- type VaultKubernetesAuth_MountedSaPath
- type VaultKubernetesAuth_ServiceAccountRef
Constants ¶
This section is empty.
Variables ¶
var ( CertificateRequestStatus_State_name = map[int32]string{ 0: "PENDING", 1: "FINISHED", 2: "FAILED", } CertificateRequestStatus_State_value = map[string]int32{ "PENDING": 0, "FINISHED": 1, "FAILED": 2, } )
Enum value maps for CertificateRequestStatus_State.
var ( IssuedCertificateStatus_State_name = map[int32]string{ 0: "PENDING", 1: "REQUESTED", 2: "ISSUED", 3: "FINISHED", 4: "FAILED", } IssuedCertificateStatus_State_value = map[string]int32{ "PENDING": 0, "REQUESTED": 1, "ISSUED": 2, "FINISHED": 3, "FAILED": 4, } )
Enum value maps for IssuedCertificateStatus_State.
var (
	// SchemeGroupVersion is the API group and version under which these
	// objects are registered.
	SchemeGroupVersion = schema.GroupVersion{Group: "certificates.mesh.gloo.solo.io", Version: "v1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	// It is bound to SchemeGroupVersion.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)
var CertificateRequestGVK = schema.GroupVersionKind{
Group: "certificates.mesh.gloo.solo.io",
Version: "v1",
Kind: "CertificateRequest",
}
GroupVersionKind for CertificateRequest
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_ca_options_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_certificate_request_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_issued_certificate_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_pod_bounce_directive_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_vault_ca_proto protoreflect.FileDescriptor
var IssuedCertificateGVK = schema.GroupVersionKind{
Group: "certificates.mesh.gloo.solo.io",
Version: "v1",
Kind: "IssuedCertificate",
}
GroupVersionKind for IssuedCertificate
var PodBounceDirectiveGVK = schema.GroupVersionKind{
Group: "certificates.mesh.gloo.solo.io",
Version: "v1",
Kind: "PodBounceDirective",
}
GroupVersionKind for PodBounceDirective
Functions ¶
func AddToScheme ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CertificateRequest ¶
type CertificateRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec CertificateRequestSpec `json:"spec,omitempty"` Status CertificateRequestStatus `json:"status,omitempty"` }
CertificateRequest is the Schema for the certificateRequest API
func (*CertificateRequest) DeepCopy ¶
func (in *CertificateRequest) DeepCopy() *CertificateRequest
func (*CertificateRequest) DeepCopyInto ¶
func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest)
func (*CertificateRequest) DeepCopyObject ¶
func (in *CertificateRequest) DeepCopyObject() runtime.Object
func (CertificateRequest) GVK ¶
func (CertificateRequest) GVK() schema.GroupVersionKind
GVK returns the GroupVersionKind associated with the resource type.
type CertificateRequestClient ¶
type CertificateRequestClient interface { CertificateRequestReader CertificateRequestWriter CertificateRequestStatusWriter }
Client knows how to perform CRUD operations on CertificateRequests.
type CertificateRequestList ¶
type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []CertificateRequest `json:"items"` }
CertificateRequestList contains a list of CertificateRequest
func (*CertificateRequestList) DeepCopy ¶
func (in *CertificateRequestList) DeepCopy() *CertificateRequestList
func (*CertificateRequestList) DeepCopyInto ¶
func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList)
func (*CertificateRequestList) DeepCopyObject ¶
func (in *CertificateRequestList) DeepCopyObject() runtime.Object
type CertificateRequestReader ¶
type CertificateRequestReader interface { // Get retrieves a CertificateRequest for the given object key GetCertificateRequest(ctx context.Context, key client.ObjectKey) (*CertificateRequest, error) // List retrieves list of CertificateRequests for a given namespace and list options. ListCertificateRequest(ctx context.Context, opts ...client.ListOption) (*CertificateRequestList, error) }
Reader knows how to read and list CertificateRequests.
type CertificateRequestSlice ¶
type CertificateRequestSlice []*CertificateRequest
CertificateRequestSlice represents a slice of *CertificateRequest
type CertificateRequestSpec ¶
// CertificateRequestSpec carries the certificate signing request that a
// Gloo Mesh agent submits for signing.
type CertificateRequestSpec struct {
	// Base64-encoded data for the PKCS#10 Certificate Signing Request issued
	// by the Gloo Mesh agent deployed in the managed cluster, corresponding
	// to the IssuedRequest received by the Gloo Mesh agent.
	//
	// NOTE(review): the Go field is a raw []byte, so the base64 encoding
	// presumably applies only to the serialized (JSON/YAML) form; confirm
	// before decoding a second time.
	// NOTE(review): the package documentation states that the agent's private
	// key never leaves the managed cluster, so this field is expected to hold
	// only the request itself; whether that is validated on receipt is not
	// visible here.
	CertificateSigningRequest []byte `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}
CertificateRequests are generated by the Gloo Mesh agent installed on managed clusters. They are used to request a signed certificate from the certificate issuer (the Gloo Mesh server) based on a private key generated by the agent (which never leaves the managed cluster).
When Gloo Mesh creates an IssuedCertificate on a managed cluster, the local Gloo Mesh Agent will generate a CertificateRequest corresponding to it.
Gloo Mesh will then process the certificate signing request contained in the `CertificateRequestSpec` and write the signed SSL certificate back as a Kubernetes secret in the managed cluster, and update the `CertificateRequestStatus` to point to that secret.
func (*CertificateRequestSpec) DeepCopyInto ¶
func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec)
DeepCopyInto for the CertificateRequest.Spec
func (*CertificateRequestSpec) Descriptor
deprecated
func (*CertificateRequestSpec) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRequestSpec.ProtoReflect.Descriptor instead.
func (*CertificateRequestSpec) Equal ¶
func (m *CertificateRequestSpec) Equal(that interface{}) bool
Equal function
func (*CertificateRequestSpec) GetCertificateSigningRequest ¶
func (x *CertificateRequestSpec) GetCertificateSigningRequest() []byte
func (*CertificateRequestSpec) MarshalJSON ¶
func (this *CertificateRequestSpec) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for CertificateRequestSpec
func (*CertificateRequestSpec) ProtoMessage ¶
func (*CertificateRequestSpec) ProtoMessage()
func (*CertificateRequestSpec) ProtoReflect ¶
func (x *CertificateRequestSpec) ProtoReflect() protoreflect.Message
func (*CertificateRequestSpec) Reset ¶
func (x *CertificateRequestSpec) Reset()
func (*CertificateRequestSpec) String ¶
func (x *CertificateRequestSpec) String() string
func (*CertificateRequestSpec) UnmarshalJSON ¶
func (this *CertificateRequestSpec) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for CertificateRequestSpec
type CertificateRequestStatus ¶
// CertificateRequestStatus is the issuer's report on a CertificateRequest:
// how far processing got, any error, and the resulting certificate material.
type CertificateRequestStatus struct {
	// The most recent generation observed in the CertificateRequest metadata.
	// If the `observedGeneration` does not match `metadata.generation`, the issuer has not processed the most
	// recent version of this request.
	ObservedGeneration int64 `protobuf:"varint,1,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"`
	// Any error observed which prevented the CertificateRequest from being processed.
	// If the error is empty, the request has been processed successfully.
	Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
	// The current state of the CertificateRequest workflow reported by the issuer.
	State CertificateRequestStatus_State `` /* 131-byte string literal not displayed */
	// The signed intermediate certificate issued by the CA.
	// Per the CertificateRequestStatus_FINISHED documentation, this field and
	// SigningRootCa are populated once the issuer has replied.
	// NOTE(review): the encoding (PEM or DER) is not stated here; confirm
	// before parsing.
	SignedCertificate []byte `protobuf:"bytes,4,opt,name=signed_certificate,json=signedCertificate,proto3" json:"signed_certificate,omitempty"`
	// The root CA used by the issuer to sign the certificate.
	// NOTE(review): this root arrives in the same status object as the
	// certificate it vouches for; whether the consumer checks it against an
	// independently known root is not visible here. Confirm.
	SigningRootCa []byte `protobuf:"bytes,5,opt,name=signing_root_ca,json=signingRootCa,proto3" json:"signing_root_ca,omitempty"`
	// The cert chain of the signing CA.
	CertChain []byte `protobuf:"bytes,6,opt,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// contains filtered or unexported fields
}
func (*CertificateRequestStatus) DeepCopyInto ¶
func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus)
DeepCopyInto for the CertificateRequest.Status
func (*CertificateRequestStatus) Descriptor
deprecated
func (*CertificateRequestStatus) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRequestStatus.ProtoReflect.Descriptor instead.
func (*CertificateRequestStatus) Equal ¶
func (m *CertificateRequestStatus) Equal(that interface{}) bool
Equal function
func (*CertificateRequestStatus) GetCertChain ¶ added in v1.1.0
func (x *CertificateRequestStatus) GetCertChain() []byte
func (*CertificateRequestStatus) GetError ¶
func (x *CertificateRequestStatus) GetError() string
func (*CertificateRequestStatus) GetObservedGeneration ¶
func (x *CertificateRequestStatus) GetObservedGeneration() int64
func (*CertificateRequestStatus) GetSignedCertificate ¶
func (x *CertificateRequestStatus) GetSignedCertificate() []byte
func (*CertificateRequestStatus) GetSigningRootCa ¶
func (x *CertificateRequestStatus) GetSigningRootCa() []byte
func (*CertificateRequestStatus) GetState ¶
func (x *CertificateRequestStatus) GetState() CertificateRequestStatus_State
func (*CertificateRequestStatus) MarshalJSON ¶
func (this *CertificateRequestStatus) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for CertificateRequestStatus
func (*CertificateRequestStatus) ProtoMessage ¶
func (*CertificateRequestStatus) ProtoMessage()
func (*CertificateRequestStatus) ProtoReflect ¶
func (x *CertificateRequestStatus) ProtoReflect() protoreflect.Message
func (*CertificateRequestStatus) Reset ¶
func (x *CertificateRequestStatus) Reset()
func (*CertificateRequestStatus) String ¶
func (x *CertificateRequestStatus) String() string
func (*CertificateRequestStatus) UnmarshalJSON ¶
func (this *CertificateRequestStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for CertificateRequestStatus
type CertificateRequestStatusWriter ¶
type CertificateRequestStatusWriter interface { // Update updates the fields corresponding to the status subresource for the // given CertificateRequest object. UpdateCertificateRequestStatus(ctx context.Context, obj *CertificateRequest, opts ...client.UpdateOption) error // Patch patches the given CertificateRequest object's subresource. PatchCertificateRequestStatus(ctx context.Context, obj *CertificateRequest, patch client.Patch, opts ...client.PatchOption) error }
StatusWriter knows how to update status subresource of a CertificateRequest object.
type CertificateRequestStatus_State ¶
type CertificateRequestStatus_State int32
Possible states in which a CertificateRequest can exist.
// Values of CertificateRequestStatus_State.
const (
	// The CertificateRequest has yet to be picked up by the issuer.
	// PENDING is 0, so a State field that was never set also reads as
	// PENDING.
	CertificateRequestStatus_PENDING CertificateRequestStatus_State = 0
	// The issuer has replied to the request and the `signedCertificate` and `signingRootCa`
	// status fields will be populated.
	CertificateRequestStatus_FINISHED CertificateRequestStatus_State = 1
	// Processing the certificate workflow failed.
	CertificateRequestStatus_FAILED CertificateRequestStatus_State = 2
)
func (CertificateRequestStatus_State) Descriptor ¶
func (CertificateRequestStatus_State) Descriptor() protoreflect.EnumDescriptor
func (CertificateRequestStatus_State) Enum ¶
func (x CertificateRequestStatus_State) Enum() *CertificateRequestStatus_State
func (CertificateRequestStatus_State) EnumDescriptor
deprecated
func (CertificateRequestStatus_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use CertificateRequestStatus_State.Descriptor instead.
func (CertificateRequestStatus_State) Number ¶
func (x CertificateRequestStatus_State) Number() protoreflect.EnumNumber
func (CertificateRequestStatus_State) String ¶
func (x CertificateRequestStatus_State) String() string
func (CertificateRequestStatus_State) Type ¶
func (CertificateRequestStatus_State) Type() protoreflect.EnumType
type CertificateRequestTransitionFunction ¶
type CertificateRequestTransitionFunction func(existing, desired *CertificateRequest) error
CertificateRequestTransitionFunction instructs the CertificateRequestWriter how to transition between an existing CertificateRequest object and a desired one on an Upsert.
type CertificateRequestWriter ¶
type CertificateRequestWriter interface { // Create saves the CertificateRequest object. CreateCertificateRequest(ctx context.Context, obj *CertificateRequest, opts ...client.CreateOption) error // Delete deletes the CertificateRequest object. DeleteCertificateRequest(ctx context.Context, key client.ObjectKey, opts ...client.DeleteOption) error // Update updates the given CertificateRequest object. UpdateCertificateRequest(ctx context.Context, obj *CertificateRequest, opts ...client.UpdateOption) error // Patch patches the given CertificateRequest object. PatchCertificateRequest(ctx context.Context, obj *CertificateRequest, patch client.Patch, opts ...client.PatchOption) error // DeleteAllOf deletes all CertificateRequest objects matching the given options. DeleteAllOfCertificateRequest(ctx context.Context, opts ...client.DeleteAllOfOption) error // Create or Update the CertificateRequest object. UpsertCertificateRequest(ctx context.Context, obj *CertificateRequest, transitionFuncs ...CertificateRequestTransitionFunction) error }
Writer knows how to create, delete, and update CertificateRequests.
type Clientset ¶
// Clientset groups the typed clients for the resources of the
// certificates.mesh.gloo.solo.io/v1 API group.
type Clientset interface {
	// IssuedCertificates returns the client for IssuedCertificate resources.
	IssuedCertificates() IssuedCertificateClient
	// CertificateRequests returns the client for CertificateRequest resources.
	CertificateRequests() CertificateRequestClient
	// PodBounceDirectives returns the client for PodBounceDirective resources.
	PodBounceDirectives() PodBounceDirectiveClient
}
Clientset for the certificates.mesh.gloo.solo.io/v1 APIs.
func NewClientset ¶
type CommonCertOptions ¶ added in v1.1.0
// CommonCertOptions holds the lifetime, key size, organization name and
// rotation settings used when generating a certificate.
type CommonCertOptions struct {
	// Number of days before root cert expires. Defaults to 365.
	TtlDays uint32 `protobuf:"varint,1,opt,name=ttl_days,json=ttlDays,proto3" json:"ttl_days,omitempty"`
	// Size in bytes of the root cert's private key. Defaults to 4096.
	//
	// NOTE(review): despite the field name and the wording above, 4096 is
	// presumably a length in bits (a 4096-byte RSA modulus would be a
	// 32768-bit key). Confirm against the code that generates the key before
	// choosing a value, so the key does not end up weaker or far larger than
	// intended.
	RsaKeySizeBytes uint32 `protobuf:"varint,2,opt,name=rsa_key_size_bytes,json=rsaKeySizeBytes,proto3" json:"rsa_key_size_bytes,omitempty"`
	// Root cert organization name. Defaults to "gloo-mesh".
	OrgName string `protobuf:"bytes,3,opt,name=org_name,json=orgName,proto3" json:"org_name,omitempty"`
	// The ratio of cert lifetime to refresh a cert. For example, at 0.10 and 1 hour TTL,
	// we would refresh 6 minutes before expiration.
	SecretRotationGracePeriodRatio float32 `` /* 159-byte string literal not displayed */
	// contains filtered or unexported fields
}
Configuration for generating a self-signed root certificate. Uses the X.509 format, RFC5280.
func (*CommonCertOptions) Descriptor
deprecated
added in
v1.1.0
func (*CommonCertOptions) Descriptor() ([]byte, []int)
Deprecated: Use CommonCertOptions.ProtoReflect.Descriptor instead.
func (*CommonCertOptions) Equal ¶ added in v1.1.0
func (m *CommonCertOptions) Equal(that interface{}) bool
Equal function
func (*CommonCertOptions) GetOrgName ¶ added in v1.1.0
func (x *CommonCertOptions) GetOrgName() string
func (*CommonCertOptions) GetRsaKeySizeBytes ¶ added in v1.1.0
func (x *CommonCertOptions) GetRsaKeySizeBytes() uint32
func (*CommonCertOptions) GetSecretRotationGracePeriodRatio ¶ added in v1.1.0
func (x *CommonCertOptions) GetSecretRotationGracePeriodRatio() float32
func (*CommonCertOptions) GetTtlDays ¶ added in v1.1.0
func (x *CommonCertOptions) GetTtlDays() uint32
func (*CommonCertOptions) ProtoMessage ¶ added in v1.1.0
func (*CommonCertOptions) ProtoMessage()
func (*CommonCertOptions) ProtoReflect ¶ added in v1.1.0
func (x *CommonCertOptions) ProtoReflect() protoreflect.Message
func (*CommonCertOptions) Reset ¶ added in v1.1.0
func (x *CommonCertOptions) Reset()
func (*CommonCertOptions) String ¶ added in v1.1.0
func (x *CommonCertOptions) String() string
type IntermediateCertificateAuthority ¶ added in v1.1.0
// IntermediateCertificateAuthority selects where CA data comes from; the only
// source listed for CaSource is Vault.
type IntermediateCertificateAuthority struct {
	// Specify the source of the Root CA data which Gloo Mesh will use for the VirtualMesh.
	//
	// NOTE(review): the wording says "Root CA" although this type is named
	// for an intermediate CA, and IntermediateCertificateAuthority_Vault is
	// documented as the intermediate CA source. The text looks carried over
	// from the root CA type; confirm which CA this configures.
	//
	// Types that are assignable to CaSource:
	//	*IntermediateCertificateAuthority_Vault
	CaSource isIntermediateCertificateAuthority_CaSource `protobuf_oneof:"ca_source"`
	// contains filtered or unexported fields
}
Specify parameters for configuring the root certificate authority for a VirtualMesh.
func (*IntermediateCertificateAuthority) Descriptor
deprecated
added in
v1.1.0
func (*IntermediateCertificateAuthority) Descriptor() ([]byte, []int)
Deprecated: Use IntermediateCertificateAuthority.ProtoReflect.Descriptor instead.
func (*IntermediateCertificateAuthority) Equal ¶ added in v1.1.0
func (m *IntermediateCertificateAuthority) Equal(that interface{}) bool
Equal function
func (*IntermediateCertificateAuthority) GetCaSource ¶ added in v1.1.0
func (m *IntermediateCertificateAuthority) GetCaSource() isIntermediateCertificateAuthority_CaSource
func (*IntermediateCertificateAuthority) GetVault ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) GetVault() *VaultCA
func (*IntermediateCertificateAuthority) ProtoMessage ¶ added in v1.1.0
func (*IntermediateCertificateAuthority) ProtoMessage()
func (*IntermediateCertificateAuthority) ProtoReflect ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) ProtoReflect() protoreflect.Message
func (*IntermediateCertificateAuthority) Reset ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) Reset()
func (*IntermediateCertificateAuthority) String ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) String() string
type IntermediateCertificateAuthority_Vault ¶ added in v1.1.0
type IntermediateCertificateAuthority_Vault struct { // Use vault as the intermediate CA source Vault *VaultCA `protobuf:"bytes,1,opt,name=vault,proto3,oneof"` }
type IssuedCertificate ¶
type IssuedCertificate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec IssuedCertificateSpec `json:"spec,omitempty"` Status IssuedCertificateStatus `json:"status,omitempty"` }
IssuedCertificate is the Schema for the issuedCertificate API
func (*IssuedCertificate) DeepCopy ¶
func (in *IssuedCertificate) DeepCopy() *IssuedCertificate
func (*IssuedCertificate) DeepCopyInto ¶
func (in *IssuedCertificate) DeepCopyInto(out *IssuedCertificate)
func (*IssuedCertificate) DeepCopyObject ¶
func (in *IssuedCertificate) DeepCopyObject() runtime.Object
func (IssuedCertificate) GVK ¶
func (IssuedCertificate) GVK() schema.GroupVersionKind
GVK returns the GroupVersionKind associated with the resource type.
type IssuedCertificateClient ¶
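// IssuedCertificateClient combines the reader, writer and status-writer
// interfaces for IssuedCertificates.
type IssuedCertificateClient interface {
	IssuedCertificateReader
	IssuedCertificateWriter
	IssuedCertificateStatusWriter
}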
Client knows how to perform CRUD operations on IssuedCertificates.
type IssuedCertificateList ¶
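// IssuedCertificateList contains a list of IssuedCertificate.
type IssuedCertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed objects by value.
	Items []IssuedCertificate `json:"items"`
}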
IssuedCertificateList contains a list of IssuedCertificate
func (*IssuedCertificateList) DeepCopy ¶
func (in *IssuedCertificateList) DeepCopy() *IssuedCertificateList
func (*IssuedCertificateList) DeepCopyInto ¶
func (in *IssuedCertificateList) DeepCopyInto(out *IssuedCertificateList)
func (*IssuedCertificateList) DeepCopyObject ¶
func (in *IssuedCertificateList) DeepCopyObject() runtime.Object
type IssuedCertificateReader ¶
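// IssuedCertificateReader knows how to read and list IssuedCertificates.
type IssuedCertificateReader interface {
	// Get retrieves an IssuedCertificate for the given object key
	GetIssuedCertificate(ctx context.Context, key client.ObjectKey) (*IssuedCertificate, error)

	// List retrieves list of IssuedCertificates for a given namespace and list options.
	ListIssuedCertificate(ctx context.Context, opts ...client.ListOption) (*IssuedCertificateList, error)
}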
Reader knows how to read and list IssuedCertificates.
type IssuedCertificateSlice ¶
type IssuedCertificateSlice []*IssuedCertificate
IssuedCertificateSlice represents a slice of *IssuedCertificate
type IssuedCertificateSpec ¶
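// IssuedCertificateSpec describes a certificate to be issued to a remote
// cluster: the identities it covers, where the result is stored, which pods
// to restart afterwards, and which certificate authority signs it.
type IssuedCertificateSpec struct {
	// A list of hostnames and IPs to generate a certificate for.
	// This can also be set to the identity running the workload,
	// e.g. a Kubernetes service account.
	//
	// Generally for an Istio CA this will take the form `spiffe://cluster.local/ns/istio-system/sa/citadel`.
	//
	// "cluster.local" may be replaced by the root of trust domain for the mesh.
	Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"`
	// DEPRECATED: in favor of `common_cert_options.org_name`
	Org string `protobuf:"bytes,2,opt,name=org,proto3" json:"org,omitempty"`
	// DEPRECATED: in favor of `gloo_mesh_ca.signing_certificate_secret`
	// The secret containing the root SSL certificate used to sign this IssuedCertificate (located in the certificate issuer's cluster).
	SigningCertificateSecret *v1.ObjectRef `` /* 135-byte string literal not displayed */
	// The secret containing the SSL certificate to be generated for this IssuedCertificate (located in the Gloo Mesh agent's cluster).
	// If nil, the sidecar agent stores the signing certificate in memory. (Enterprise only)
	//
	// NOTE(review): this Secret presumably holds issued key material, so read
	// access to it should be restricted; confirm its contents against the agent.
	IssuedCertificateSecret *v1.ObjectRef `` /* 132-byte string literal not displayed */
	// A reference to a PodBounceDirective specifying a list of Kubernetes pods to bounce
	// (delete and cause a restart) when the certificate is issued.
	//
	// Istio-controlled pods require restarting in order for Envoy proxies to pick up the newly issued certificate
	// due to [this issue](https://github.com/istio/istio/issues/22993).
	//
	// This will include the control plane pods as well as any Pods
	// which share a data plane with the target mesh.
	//
	// NOTE(review): because the referenced directive causes pod deletions,
	// write access to these resources is effectively restart authority over
	// the selected pods; scope RBAC with that in mind.
	PodBounceDirective *v1.ObjectRef `protobuf:"bytes,5,opt,name=pod_bounce_directive,json=podBounceDirective,proto3" json:"pod_bounce_directive,omitempty"`
	// Set of options to configure the intermediate certificate being generated
	CertOptions *CommonCertOptions `protobuf:"bytes,6,opt,name=cert_options,json=certOptions,proto3" json:"cert_options,omitempty"`
	// The location of the certificate authority to sign this certificate
	//
	// Types that are assignable to CertificateAuthority:
	//	*IssuedCertificateSpec_GlooMeshCa
	//	*IssuedCertificateSpec_AgentCa
	CertificateAuthority isIssuedCertificateSpec_CertificateAuthority `protobuf_oneof:"certificate_authority"`
	// contains filtered or unexported fields
}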
IssuedCertificates are used to issue SSL certificates to remote Kubernetes clusters from a central (out-of-cluster) Certificate Authority.
When an IssuedCertificate is created, a certificate is issued to a remote cluster by a central Certificate Authority via the following workflow:
1. The Certificate Issuer creates the IssuedCertificate resource on the remote cluster.
2. The Certificate Signature Requesting Agent installed to the remote cluster generates a Certificate Signing Request and writes it to the status of the IssuedCertificate.
3. Finally, the Certificate Issuer generates a signed certificate for the CSR and writes it back as a Kubernetes Secret in the remote cluster.
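Trust can therefore be established across clusters without requiring private keys to ever leave the node: the agent creates its private key locally, and the issuer works from the Certificate Signing Request.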
func (*IssuedCertificateSpec) DeepCopyInto ¶
func (in *IssuedCertificateSpec) DeepCopyInto(out *IssuedCertificateSpec)
DeepCopyInto for the IssuedCertificate.Spec
func (*IssuedCertificateSpec) Descriptor
deprecated
func (*IssuedCertificateSpec) Descriptor() ([]byte, []int)
Deprecated: Use IssuedCertificateSpec.ProtoReflect.Descriptor instead.
func (*IssuedCertificateSpec) Equal ¶
func (m *IssuedCertificateSpec) Equal(that interface{}) bool
Equal function
func (*IssuedCertificateSpec) GetAgentCa ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetAgentCa() *IntermediateCertificateAuthority
func (*IssuedCertificateSpec) GetCertOptions ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetCertOptions() *CommonCertOptions
func (*IssuedCertificateSpec) GetCertificateAuthority ¶ added in v1.1.0
func (m *IssuedCertificateSpec) GetCertificateAuthority() isIssuedCertificateSpec_CertificateAuthority
func (*IssuedCertificateSpec) GetGlooMeshCa ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetGlooMeshCa() *RootCertificateAuthority
func (*IssuedCertificateSpec) GetHosts ¶
func (x *IssuedCertificateSpec) GetHosts() []string
func (*IssuedCertificateSpec) GetIssuedCertificateSecret ¶
func (x *IssuedCertificateSpec) GetIssuedCertificateSecret() *v1.ObjectRef
func (*IssuedCertificateSpec) GetOrg ¶
func (x *IssuedCertificateSpec) GetOrg() string
func (*IssuedCertificateSpec) GetPodBounceDirective ¶
func (x *IssuedCertificateSpec) GetPodBounceDirective() *v1.ObjectRef
func (*IssuedCertificateSpec) GetSigningCertificateSecret ¶
func (x *IssuedCertificateSpec) GetSigningCertificateSecret() *v1.ObjectRef
func (*IssuedCertificateSpec) MarshalJSON ¶
func (this *IssuedCertificateSpec) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for IssuedCertificateSpec
func (*IssuedCertificateSpec) ProtoMessage ¶
func (*IssuedCertificateSpec) ProtoMessage()
func (*IssuedCertificateSpec) ProtoReflect ¶
func (x *IssuedCertificateSpec) ProtoReflect() protoreflect.Message
func (*IssuedCertificateSpec) Reset ¶
func (x *IssuedCertificateSpec) Reset()
func (*IssuedCertificateSpec) String ¶
func (x *IssuedCertificateSpec) String() string
func (*IssuedCertificateSpec) UnmarshalJSON ¶
func (this *IssuedCertificateSpec) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for IssuedCertificateSpec
type IssuedCertificateSpec_AgentCa ¶ added in v1.1.0
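// IssuedCertificateSpec_AgentCa is the CertificateAuthority variant carrying
// agent CA options.
type IssuedCertificateSpec_AgentCa struct {
	// Agent CA options
	AgentCa *IntermediateCertificateAuthority `protobuf:"bytes,8,opt,name=agent_ca,json=agentCa,proto3,oneof"`
}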
type IssuedCertificateSpec_GlooMeshCa ¶ added in v1.1.0
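// IssuedCertificateSpec_GlooMeshCa is the CertificateAuthority variant
// carrying Gloo Mesh CA options.
type IssuedCertificateSpec_GlooMeshCa struct {
	// Gloo Mesh CA options
	GlooMeshCa *RootCertificateAuthority `protobuf:"bytes,7,opt,name=gloo_mesh_ca,json=glooMeshCa,proto3,oneof"`
}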
type IssuedCertificateStatus ¶
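// IssuedCertificateStatus is the status of an IssuedCertificate; it is
// written by the CertificateRequesting agent.
type IssuedCertificateStatus struct {
	// The most recent generation observed in the IssuedCertificate metadata.
	// If the `observedGeneration` does not match `metadata.generation`, the Gloo Mesh agent has not processed the most
	// recent version of this IssuedCertificate.
	ObservedGeneration int64 `protobuf:"varint,1,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"`
	// Any error observed which prevented the CertificateRequest from being processed.
	// If the error is empty, the request has been processed successfully.
	Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
	// The current state of the IssuedCertificate workflow, reported by the agent.
	State IssuedCertificateStatus_State `` /* 130-byte string literal not displayed */
	// contains filtered or unexported fields
}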
The IssuedCertificate status is written by the CertificateRequesting agent.
func (*IssuedCertificateStatus) DeepCopyInto ¶
func (in *IssuedCertificateStatus) DeepCopyInto(out *IssuedCertificateStatus)
DeepCopyInto for the IssuedCertificate.Status
func (*IssuedCertificateStatus) Descriptor
deprecated
func (*IssuedCertificateStatus) Descriptor() ([]byte, []int)
Deprecated: Use IssuedCertificateStatus.ProtoReflect.Descriptor instead.
func (*IssuedCertificateStatus) Equal ¶
func (m *IssuedCertificateStatus) Equal(that interface{}) bool
Equal function
func (*IssuedCertificateStatus) GetError ¶
func (x *IssuedCertificateStatus) GetError() string
func (*IssuedCertificateStatus) GetObservedGeneration ¶
func (x *IssuedCertificateStatus) GetObservedGeneration() int64
func (*IssuedCertificateStatus) GetState ¶
func (x *IssuedCertificateStatus) GetState() IssuedCertificateStatus_State
func (*IssuedCertificateStatus) MarshalJSON ¶
func (this *IssuedCertificateStatus) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for IssuedCertificateStatus
func (*IssuedCertificateStatus) ProtoMessage ¶
func (*IssuedCertificateStatus) ProtoMessage()
func (*IssuedCertificateStatus) ProtoReflect ¶
func (x *IssuedCertificateStatus) ProtoReflect() protoreflect.Message
func (*IssuedCertificateStatus) Reset ¶
func (x *IssuedCertificateStatus) Reset()
func (*IssuedCertificateStatus) String ¶
func (x *IssuedCertificateStatus) String() string
func (*IssuedCertificateStatus) UnmarshalJSON ¶
func (this *IssuedCertificateStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for IssuedCertificateStatus
type IssuedCertificateStatusWriter ¶
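// IssuedCertificateStatusWriter knows how to update the status subresource
// of an IssuedCertificate object.
type IssuedCertificateStatusWriter interface {
	// Update updates the fields corresponding to the status subresource for the
	// given IssuedCertificate object.
	UpdateIssuedCertificateStatus(ctx context.Context, obj *IssuedCertificate, opts ...client.UpdateOption) error

	// Patch patches the given IssuedCertificate object's subresource.
	PatchIssuedCertificateStatus(ctx context.Context, obj *IssuedCertificate, patch client.Patch, opts ...client.PatchOption) error
}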
StatusWriter knows how to update status subresource of a IssuedCertificate object.
type IssuedCertificateStatus_State ¶
type IssuedCertificateStatus_State int32
Possible states in which an IssuedCertificate can exist.
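// Possible states in which an IssuedCertificate can exist.
const (
	// The IssuedCertificate has yet to be picked up by the agent.
	IssuedCertificateStatus_PENDING IssuedCertificateStatus_State = 0
	// The agent has created a local private key
	// and a CertificateRequest for the IssuedCertificate.
	// In this state, the agent is waiting for the Issuer
	// to issue certificates for the CertificateRequest before proceeding.
	IssuedCertificateStatus_REQUESTED IssuedCertificateStatus_State = 1
	// The certificate has been issued. Any pods that require restarting will be restarted at this point.
	IssuedCertificateStatus_ISSUED IssuedCertificateStatus_State = 2
	// The reply from the Issuer has been processed and
	// the agent has placed the final certificate secret
	// in the target location specified by the IssuedCertificate.
	IssuedCertificateStatus_FINISHED IssuedCertificateStatus_State = 3
	// Processing the certificate workflow failed.
	IssuedCertificateStatus_FAILED IssuedCertificateStatus_State = 4
)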
func (IssuedCertificateStatus_State) Descriptor ¶
func (IssuedCertificateStatus_State) Descriptor() protoreflect.EnumDescriptor
func (IssuedCertificateStatus_State) Enum ¶
func (x IssuedCertificateStatus_State) Enum() *IssuedCertificateStatus_State
func (IssuedCertificateStatus_State) EnumDescriptor
deprecated
func (IssuedCertificateStatus_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use IssuedCertificateStatus_State.Descriptor instead.
func (IssuedCertificateStatus_State) Number ¶
func (x IssuedCertificateStatus_State) Number() protoreflect.EnumNumber
func (IssuedCertificateStatus_State) String ¶
func (x IssuedCertificateStatus_State) String() string
func (IssuedCertificateStatus_State) Type ¶
func (IssuedCertificateStatus_State) Type() protoreflect.EnumType
type IssuedCertificateTransitionFunction ¶
type IssuedCertificateTransitionFunction func(existing, desired *IssuedCertificate) error
IssuedCertificateTransitionFunction instructs the IssuedCertificateWriter how to transition between an existing IssuedCertificate object and a desired one on an Upsert.
type IssuedCertificateWriter ¶
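// IssuedCertificateWriter knows how to create, delete, and update
// IssuedCertificates.
type IssuedCertificateWriter interface {
	// Create saves the IssuedCertificate object.
	CreateIssuedCertificate(ctx context.Context, obj *IssuedCertificate, opts ...client.CreateOption) error

	// Delete deletes the IssuedCertificate object.
	DeleteIssuedCertificate(ctx context.Context, key client.ObjectKey, opts ...client.DeleteOption) error

	// Update updates the given IssuedCertificate object.
	UpdateIssuedCertificate(ctx context.Context, obj *IssuedCertificate, opts ...client.UpdateOption) error

	// Patch patches the given IssuedCertificate object.
	PatchIssuedCertificate(ctx context.Context, obj *IssuedCertificate, patch client.Patch, opts ...client.PatchOption) error

	// DeleteAllOf deletes all IssuedCertificate objects matching the given options.
	DeleteAllOfIssuedCertificate(ctx context.Context, opts ...client.DeleteAllOfOption) error

	// Create or Update the IssuedCertificate object.
	UpsertIssuedCertificate(ctx context.Context, obj *IssuedCertificate, transitionFuncs ...IssuedCertificateTransitionFunction) error
}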
Writer knows how to create, delete, and update IssuedCertificates.
type MulticlusterCertificateRequestClient ¶
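// MulticlusterCertificateRequestClient provides CertificateRequestClients
// for multiple clusters.
type MulticlusterCertificateRequestClient interface {
	// Cluster returns a CertificateRequestClient for the given cluster
	Cluster(cluster string) (CertificateRequestClient, error)
}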
Provides CertificateRequestClients for multiple clusters.
func NewMulticlusterCertificateRequestClient ¶
func NewMulticlusterCertificateRequestClient(client multicluster.Client) MulticlusterCertificateRequestClient
type MulticlusterClientset ¶
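// MulticlusterClientset provides Clientsets for the
// certificates.mesh.gloo.solo.io/v1 APIs, one per cluster.
type MulticlusterClientset interface {
	// Cluster returns a Clientset for the given cluster
	Cluster(cluster string) (Clientset, error)
}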
MulticlusterClientset for the certificates.mesh.gloo.solo.io/v1 APIs
func NewMulticlusterClientset ¶
func NewMulticlusterClientset(client multicluster.Client) MulticlusterClientset
type MulticlusterIssuedCertificateClient ¶
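// MulticlusterIssuedCertificateClient provides IssuedCertificateClients for
// multiple clusters.
type MulticlusterIssuedCertificateClient interface {
	// Cluster returns an IssuedCertificateClient for the given cluster
	Cluster(cluster string) (IssuedCertificateClient, error)
}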
Provides IssuedCertificateClients for multiple clusters.
func NewMulticlusterIssuedCertificateClient ¶
func NewMulticlusterIssuedCertificateClient(client multicluster.Client) MulticlusterIssuedCertificateClient
type MulticlusterPodBounceDirectiveClient ¶
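// MulticlusterPodBounceDirectiveClient provides PodBounceDirectiveClients
// for multiple clusters.
type MulticlusterPodBounceDirectiveClient interface {
	// Cluster returns a PodBounceDirectiveClient for the given cluster
	Cluster(cluster string) (PodBounceDirectiveClient, error)
}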
Provides PodBounceDirectiveClients for multiple clusters.
func NewMulticlusterPodBounceDirectiveClient ¶
func NewMulticlusterPodBounceDirectiveClient(client multicluster.Client) MulticlusterPodBounceDirectiveClient
type PodBounceDirective ¶
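// PodBounceDirective is the Schema for the podBounceDirective API.
type PodBounceDirective struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec lists the pod selectors to bounce.
	Spec PodBounceDirectiveSpec `json:"spec,omitempty"`
	// Status carries the reported bounce results.
	Status PodBounceDirectiveStatus `json:"status,omitempty"`
}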
PodBounceDirective is the Schema for the podBounceDirective API
func (*PodBounceDirective) DeepCopy ¶
func (in *PodBounceDirective) DeepCopy() *PodBounceDirective
func (*PodBounceDirective) DeepCopyInto ¶
func (in *PodBounceDirective) DeepCopyInto(out *PodBounceDirective)
func (*PodBounceDirective) DeepCopyObject ¶
func (in *PodBounceDirective) DeepCopyObject() runtime.Object
func (PodBounceDirective) GVK ¶
func (PodBounceDirective) GVK() schema.GroupVersionKind
GVK returns the GroupVersionKind associated with the resource type.
type PodBounceDirectiveClient ¶
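// PodBounceDirectiveClient combines the reader, writer and status-writer
// interfaces for PodBounceDirectives.
type PodBounceDirectiveClient interface {
	PodBounceDirectiveReader
	PodBounceDirectiveWriter
	PodBounceDirectiveStatusWriter
}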
Client knows how to perform CRUD operations on PodBounceDirectives.
type PodBounceDirectiveList ¶
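// PodBounceDirectiveList contains a list of PodBounceDirective.
type PodBounceDirectiveList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed objects by value.
	Items []PodBounceDirective `json:"items"`
}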
PodBounceDirectiveList contains a list of PodBounceDirective
func (*PodBounceDirectiveList) DeepCopy ¶
func (in *PodBounceDirectiveList) DeepCopy() *PodBounceDirectiveList
func (*PodBounceDirectiveList) DeepCopyInto ¶
func (in *PodBounceDirectiveList) DeepCopyInto(out *PodBounceDirectiveList)
func (*PodBounceDirectiveList) DeepCopyObject ¶
func (in *PodBounceDirectiveList) DeepCopyObject() runtime.Object
type PodBounceDirectiveReader ¶
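// PodBounceDirectiveReader knows how to read and list PodBounceDirectives.
type PodBounceDirectiveReader interface {
	// Get retrieves a PodBounceDirective for the given object key
	GetPodBounceDirective(ctx context.Context, key client.ObjectKey) (*PodBounceDirective, error)

	// List retrieves list of PodBounceDirectives for a given namespace and list options.
	ListPodBounceDirective(ctx context.Context, opts ...client.ListOption) (*PodBounceDirectiveList, error)
}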
Reader knows how to read and list PodBounceDirectives.
type PodBounceDirectiveSlice ¶
type PodBounceDirectiveSlice []*PodBounceDirective
PodBounceDirectiveSlice represents a slice of *PodBounceDirective
type PodBounceDirectiveSpec ¶
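// PodBounceDirectiveSpec lists the pod selectors whose pods are bounced so
// that they pick up newly issued certificates.
type PodBounceDirectiveSpec struct {
	// A list of Kubernetes pods to bounce (delete and cause a restart)
	// when the certificate is issued.
	// This will include the control plane pods as well as any Pods
	// which share a data plane with the target mesh.
	PodsToBounce []*PodBounceDirectiveSpec_PodSelector `protobuf:"bytes,6,rep,name=pods_to_bounce,json=podsToBounce,proto3" json:"pods_to_bounce,omitempty"`
	// contains filtered or unexported fields
}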
When certificates are issued, Istio-controlled pods need to be bounced (restarted) to ensure they pick up the new certificates due to [this issue](https://github.com/istio/istio/issues/22993). The certificate issuer will create a PodBounceDirective containing the namespaces and labels of the pods that need to be bounced in order to pick up the new certs.
func (*PodBounceDirectiveSpec) DeepCopyInto ¶
func (in *PodBounceDirectiveSpec) DeepCopyInto(out *PodBounceDirectiveSpec)
DeepCopyInto for the PodBounceDirective.Spec
func (*PodBounceDirectiveSpec) Descriptor
deprecated
func (*PodBounceDirectiveSpec) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveSpec.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveSpec) Equal ¶
func (m *PodBounceDirectiveSpec) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveSpec) GetPodsToBounce ¶
func (x *PodBounceDirectiveSpec) GetPodsToBounce() []*PodBounceDirectiveSpec_PodSelector
func (*PodBounceDirectiveSpec) MarshalJSON ¶
func (this *PodBounceDirectiveSpec) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for PodBounceDirectiveSpec
func (*PodBounceDirectiveSpec) ProtoMessage ¶
func (*PodBounceDirectiveSpec) ProtoMessage()
func (*PodBounceDirectiveSpec) ProtoReflect ¶
func (x *PodBounceDirectiveSpec) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveSpec) Reset ¶
func (x *PodBounceDirectiveSpec) Reset()
func (*PodBounceDirectiveSpec) String ¶
func (x *PodBounceDirectiveSpec) String() string
func (*PodBounceDirectiveSpec) UnmarshalJSON ¶
func (this *PodBounceDirectiveSpec) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for PodBounceDirectiveSpec
type PodBounceDirectiveSpec_PodSelector ¶
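// PodBounceDirectiveSpec_PodSelector selects, by namespace and labels, the
// pods that will be restarted, and sets the conditions to wait for first.
type PodBounceDirectiveSpec_PodSelector struct {
	// The namespace in which the pods live.
	Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// Any labels shared by the Pods.
	Labels map[string]string `` /* 153-byte string literal not displayed */
	// Wait for this number of replacement pods to be fully ready before
	// deleting the next set of selected Pods.
	// This is used to ensure the control plane pods are allowed to restart
	// before sidecars and gateways are restarted.
	WaitForReplicas uint32 `protobuf:"varint,3,opt,name=wait_for_replicas,json=waitForReplicas,proto3" json:"wait_for_replicas,omitempty"`
	// Wait for the control plane to have synced all root cert configmaps in data plane namespaces before
	// bouncing these Pods.
	RootCertSync *PodBounceDirectiveSpec_PodSelector_RootCertSync `protobuf:"bytes,4,opt,name=root_cert_sync,json=rootCertSync,proto3" json:"root_cert_sync,omitempty"`
	// contains filtered or unexported fields
}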
Pods that will be restarted.
func (*PodBounceDirectiveSpec_PodSelector) Descriptor
deprecated
func (*PodBounceDirectiveSpec_PodSelector) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveSpec_PodSelector.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveSpec_PodSelector) Equal ¶
func (m *PodBounceDirectiveSpec_PodSelector) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveSpec_PodSelector) GetLabels ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetLabels() map[string]string
func (*PodBounceDirectiveSpec_PodSelector) GetNamespace ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetNamespace() string
func (*PodBounceDirectiveSpec_PodSelector) GetRootCertSync ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetRootCertSync() *PodBounceDirectiveSpec_PodSelector_RootCertSync
func (*PodBounceDirectiveSpec_PodSelector) GetWaitForReplicas ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetWaitForReplicas() uint32
func (*PodBounceDirectiveSpec_PodSelector) ProtoMessage ¶
func (*PodBounceDirectiveSpec_PodSelector) ProtoMessage()
func (*PodBounceDirectiveSpec_PodSelector) ProtoReflect ¶
func (x *PodBounceDirectiveSpec_PodSelector) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveSpec_PodSelector) Reset ¶
func (x *PodBounceDirectiveSpec_PodSelector) Reset()
func (*PodBounceDirectiveSpec_PodSelector) String ¶
func (x *PodBounceDirectiveSpec_PodSelector) String() string
type PodBounceDirectiveSpec_PodSelector_RootCertSync ¶
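// PodBounceDirectiveSpec_PodSelector_RootCertSync describes values in a
// secret and configmap which must be equal in order for a Pod to be bounced.
type PodBounceDirectiveSpec_PodSelector_RootCertSync struct {
	// NOTE(review): presumably the Secret holding one side of the comparison;
	// the listing gives no field documentation, so confirm against the agent.
	SecretRef *v1.ObjectRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3" json:"secret_ref,omitempty"`
	// NOTE(review): presumably the data key read from that Secret; confirm.
	SecretKey string `protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty"`
	// NOTE(review): presumably the ConfigMap holding the other side; confirm.
	ConfigMapRef *v1.ObjectRef `protobuf:"bytes,3,opt,name=config_map_ref,json=configMapRef,proto3" json:"config_map_ref,omitempty"`
	// NOTE(review): presumably the data key read from that ConfigMap; confirm.
	ConfigMapKey string `protobuf:"bytes,4,opt,name=config_map_key,json=configMapKey,proto3" json:"config_map_key,omitempty"`
	// contains filtered or unexported fields
}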
RootCertSync describes values in a secret and configmap which must be equal in order for a Pod to be bounced.
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Descriptor
deprecated
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveSpec_PodSelector_RootCertSync.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Equal ¶
func (m *PodBounceDirectiveSpec_PodSelector_RootCertSync) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapKey ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapKey() string
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapRef ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapRef() *v1.ObjectRef
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretKey ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretKey() string
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretRef ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretRef() *v1.ObjectRef
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoMessage ¶
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoMessage()
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoReflect ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Reset ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) Reset()
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) String ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) String() string
type PodBounceDirectiveStatus ¶
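// PodBounceDirectiveStatus reports the status for stateful Pod bounces (when
// bouncing pods requires waiting for readiness).
type PodBounceDirectiveStatus struct {
	// A list of Kubernetes pods to bounce (delete and cause a restart)
	// when the certificate is issued.
	// This will include the control plane pods as well as any Pods
	// which share a data plane with the target mesh.
	//
	// NOTE(review): this text repeats the comment on
	// PodBounceDirectiveSpec.PodsToBounce. Going by the element type
	// (BouncedPodSet), the field appears to record pods already bounced
	// rather than pods still to bounce; confirm against the generator source.
	PodsBounced []*PodBounceDirectiveStatus_BouncedPodSet `protobuf:"bytes,4,rep,name=pods_bounced,json=podsBounced,proto3" json:"pods_bounced,omitempty"`
	// contains filtered or unexported fields
}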
PodBounceDirectiveStatus reports the status for stateful Pod bounces (when bouncing pods requires waiting for readiness).
func (*PodBounceDirectiveStatus) DeepCopyInto ¶
func (in *PodBounceDirectiveStatus) DeepCopyInto(out *PodBounceDirectiveStatus)
DeepCopyInto for the PodBounceDirective.Status
func (*PodBounceDirectiveStatus) Descriptor
deprecated
func (*PodBounceDirectiveStatus) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveStatus.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveStatus) Equal ¶
func (m *PodBounceDirectiveStatus) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveStatus) GetPodsBounced ¶
func (x *PodBounceDirectiveStatus) GetPodsBounced() []*PodBounceDirectiveStatus_BouncedPodSet
func (*PodBounceDirectiveStatus) MarshalJSON ¶
func (this *PodBounceDirectiveStatus) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for PodBounceDirectiveStatus
func (*PodBounceDirectiveStatus) ProtoMessage ¶
func (*PodBounceDirectiveStatus) ProtoMessage()
func (*PodBounceDirectiveStatus) ProtoReflect ¶
func (x *PodBounceDirectiveStatus) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveStatus) Reset ¶
func (x *PodBounceDirectiveStatus) Reset()
func (*PodBounceDirectiveStatus) String ¶
func (x *PodBounceDirectiveStatus) String() string
func (*PodBounceDirectiveStatus) UnmarshalJSON ¶
func (this *PodBounceDirectiveStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for PodBounceDirectiveStatus
type PodBounceDirectiveStatusWriter ¶
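// PodBounceDirectiveStatusWriter knows how to update the status subresource
// of a PodBounceDirective object.
type PodBounceDirectiveStatusWriter interface {
	// Update updates the fields corresponding to the status subresource for the
	// given PodBounceDirective object.
	UpdatePodBounceDirectiveStatus(ctx context.Context, obj *PodBounceDirective, opts ...client.UpdateOption) error

	// Patch patches the given PodBounceDirective object's subresource.
	PatchPodBounceDirectiveStatus(ctx context.Context, obj *PodBounceDirective, patch client.Patch, opts ...client.PatchOption) error
}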
StatusWriter knows how to update status subresource of a PodBounceDirective object.
type PodBounceDirectiveStatus_BouncedPodSet ¶
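// PodBounceDirectiveStatus_BouncedPodSet is a set of pods that were restarted.
type PodBounceDirectiveStatus_BouncedPodSet struct {
	// The names of the pods that were bounced for the corresponding selector specified in `PodBounceDirectiveSpec.PodSelector.labels`.
	BouncedPods []string `protobuf:"bytes,1,rep,name=bounced_pods,json=bouncedPods,proto3" json:"bounced_pods,omitempty"`
	// contains filtered or unexported fields
}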
A set of pods that were restarted.
func (*PodBounceDirectiveStatus_BouncedPodSet) Descriptor
deprecated
func (*PodBounceDirectiveStatus_BouncedPodSet) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveStatus_BouncedPodSet.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveStatus_BouncedPodSet) Equal ¶
func (m *PodBounceDirectiveStatus_BouncedPodSet) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveStatus_BouncedPodSet) GetBouncedPods ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) GetBouncedPods() []string
func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoMessage ¶
func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoMessage()
func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoReflect ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveStatus_BouncedPodSet) Reset ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) Reset()
func (*PodBounceDirectiveStatus_BouncedPodSet) String ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) String() string
type PodBounceDirectiveTransitionFunction ¶
type PodBounceDirectiveTransitionFunction func(existing, desired *PodBounceDirective) error
PodBounceDirectiveTransitionFunction instructs the PodBounceDirectiveWriter how to transition between an existing PodBounceDirective object and a desired one on an Upsert.
type PodBounceDirectiveWriter ¶
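// PodBounceDirectiveWriter knows how to create, delete, and update
// PodBounceDirectives.
type PodBounceDirectiveWriter interface {
	// Create saves the PodBounceDirective object.
	CreatePodBounceDirective(ctx context.Context, obj *PodBounceDirective, opts ...client.CreateOption) error

	// Delete deletes the PodBounceDirective object.
	DeletePodBounceDirective(ctx context.Context, key client.ObjectKey, opts ...client.DeleteOption) error

	// Update updates the given PodBounceDirective object.
	UpdatePodBounceDirective(ctx context.Context, obj *PodBounceDirective, opts ...client.UpdateOption) error

	// Patch patches the given PodBounceDirective object.
	PatchPodBounceDirective(ctx context.Context, obj *PodBounceDirective, patch client.Patch, opts ...client.PatchOption) error

	// DeleteAllOf deletes all PodBounceDirective objects matching the given options.
	DeleteAllOfPodBounceDirective(ctx context.Context, opts ...client.DeleteAllOfOption) error

	// Create or Update the PodBounceDirective object.
	UpsertPodBounceDirective(ctx context.Context, obj *PodBounceDirective, transitionFuncs ...PodBounceDirectiveTransitionFunction) error
}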
Writer knows how to create, delete, and update PodBounceDirectives.
type RootCertificateAuthority ¶ added in v1.1.0
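// RootCertificateAuthority is the set of options which represent the
// certificate authorities the management cluster can use to sign the
// intermediate certs.
type RootCertificateAuthority struct {
	// Certificate authority which gloo-mesh management will use to sign the intermediate cert
	//
	// Types that are assignable to CertificateAuthority:
	//	*RootCertificateAuthority_SigningCertificateSecret
	CertificateAuthority isRootCertificateAuthority_CertificateAuthority `protobuf_oneof:"certificate_authority"`
	// contains filtered or unexported fields
}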
Set of options which represent the certificate authorities the management cluster can use to sign the intermediate certs.
func (*RootCertificateAuthority) Descriptor
deprecated
added in
v1.1.0
func (*RootCertificateAuthority) Descriptor() ([]byte, []int)
Deprecated: Use RootCertificateAuthority.ProtoReflect.Descriptor instead.
func (*RootCertificateAuthority) Equal ¶ added in v1.1.0
func (m *RootCertificateAuthority) Equal(that interface{}) bool
Equal function
func (*RootCertificateAuthority) GetCertificateAuthority ¶ added in v1.1.0
func (m *RootCertificateAuthority) GetCertificateAuthority() isRootCertificateAuthority_CertificateAuthority
func (*RootCertificateAuthority) GetSigningCertificateSecret ¶ added in v1.1.0
func (x *RootCertificateAuthority) GetSigningCertificateSecret() *v1.ObjectRef
func (*RootCertificateAuthority) ProtoMessage ¶ added in v1.1.0
func (*RootCertificateAuthority) ProtoMessage()
func (*RootCertificateAuthority) ProtoReflect ¶ added in v1.1.0
func (x *RootCertificateAuthority) ProtoReflect() protoreflect.Message
func (*RootCertificateAuthority) Reset ¶ added in v1.1.0
func (x *RootCertificateAuthority) Reset()
func (*RootCertificateAuthority) String ¶ added in v1.1.0
func (x *RootCertificateAuthority) String() string
type RootCertificateAuthority_SigningCertificateSecret ¶ added in v1.1.0
type VaultCA ¶ added in v1.1.0
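// VaultCA describes how to reach a Vault server's PKI backend and how to
// authenticate to it: the sign and CSR-generation paths, the server address,
// the CA bundle used to validate the server, an optional Vault namespace and
// the authentication method (a protobuf oneof in AuthType).
type VaultCA struct {
	// `ca_path` is the mount path of the Vault PKI backend's `sign` endpoint, e.g:
	// "my_pki_mount/sign/my-role-name".
	CaPath string `protobuf:"bytes,1,opt,name=ca_path,json=caPath,proto3" json:"ca_path,omitempty"`

	// `csr_path` is the mount path of the Vault PKI backend's `generate` endpoint, e.g:
	// "my_pki_mount/intermediate/generate/exported".
	// "exported" is necessary here as istio needs access to the private key
	// See vault docs here: https://www.vaultproject.io/api-docs/secret/pki#parameters-4
	//
	// Because the exported variant hands the intermediate private key back to
	// the caller, the response is secret material: scope the Vault policy for
	// this path narrowly and keep the response out of logs.
	CsrPath string `protobuf:"bytes,2,opt,name=csr_path,json=csrPath,proto3" json:"csr_path,omitempty"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	//
	// Over plain HTTP the Vault server is not authenticated and the
	// credentials, CSRs and exported key material travel unencrypted, so an
	// https address is the safe choice outside of local testing.
	Server string `protobuf:"bytes,3,opt,name=server,proto3" json:"server,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	CaBundle []byte `protobuf:"bytes,4,opt,name=ca_bundle,json=caBundle,proto3" json:"ca_bundle,omitempty"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1"
	// More about namespaces can be found [here](https://www.vaultproject.io/docs/enterprise/namespaces)
	Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`

	// Types that are assignable to AuthType:
	//	*VaultCA_TokenSecretRef
	//	*VaultCA_KubernetesAuth
	AuthType isVaultCA_AuthType `protobuf_oneof:"auth_type"`
	// contains filtered or unexported fields
}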
func (*VaultCA) Descriptor
deprecated
added in
v1.1.0
func (*VaultCA) GetAuthType ¶ added in v1.1.0
func (m *VaultCA) GetAuthType() isVaultCA_AuthType
func (*VaultCA) GetCaBundle ¶ added in v1.1.0
func (*VaultCA) GetCsrPath ¶ added in v1.1.0
func (*VaultCA) GetKubernetesAuth ¶ added in v1.1.0
func (x *VaultCA) GetKubernetesAuth() *VaultKubernetesAuth
func (*VaultCA) GetNamespace ¶ added in v1.1.0
func (*VaultCA) GetTokenSecretRef ¶ added in v1.1.0
func (*VaultCA) ProtoMessage ¶ added in v1.1.0
func (*VaultCA) ProtoMessage()
func (*VaultCA) ProtoReflect ¶ added in v1.1.0
func (x *VaultCA) ProtoReflect() protoreflect.Message
type VaultCA_KubernetesAuth ¶ added in v1.1.0
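// VaultCA_KubernetesAuth is the oneof wrapper that selects Kubernetes
// authentication as the VaultCA auth type.
type VaultCA_KubernetesAuth struct {
	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	//
	// The ServiceAccount token is a bearer credential: whoever can read the
	// Secret, or observe the connection to Vault, can present it.
	KubernetesAuth *VaultKubernetesAuth `protobuf:"bytes,8,opt,name=kubernetes_auth,json=kubernetesAuth,proto3,oneof"`
}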
type VaultCA_TokenSecretRef ¶ added in v1.1.0
type VaultKubernetesAuth ¶ added in v1.1.0
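// VaultKubernetesAuth holds the settings for authenticating to Vault with a
// Kubernetes ServiceAccount token: the auth mount path, the Vault role to
// assume, the key under which the token is stored, and where the token is
// read from (a protobuf oneof in ServiceAccountLocation).
type VaultKubernetesAuth struct {
	// The Vault mountPath here is the mount path to use when authenticating with
	// Vault. For example, setting a value to `/v1/auth/foo`, will use the path
	// `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the
	// default value "/v1/auth/kubernetes" will be used.
	MountPath string `protobuf:"bytes,1,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	//
	// NOTE(review): "required" is stated here only; the tag is a plain
	// optional proto3 field and no validation is visible in this declaration.
	// The policies attached to the role decide what the token holder can do
	// in Vault, so the role should grant only the PKI paths that are needed.
	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`

	// Key to search for the sa_token
	// Default to "token"
	SecretTokenKey string `protobuf:"bytes,3,opt,name=secret_token_key,json=secretTokenKey,proto3" json:"secret_token_key,omitempty"`

	// The method by which to get the service account token.
	// If unspecified will default to mounted_sa_path
	//
	// Types that are assignable to ServiceAccountLocation:
	//	*VaultKubernetesAuth_ServiceAccountRef
	//	*VaultKubernetesAuth_MountedSaPath
	ServiceAccountLocation isVaultKubernetesAuth_ServiceAccountLocation `protobuf_oneof:"service_account_location"`
	// contains filtered or unexported fields
}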
func (*VaultKubernetesAuth) Descriptor
deprecated
added in
v1.1.0
func (*VaultKubernetesAuth) Descriptor() ([]byte, []int)
Deprecated: Use VaultKubernetesAuth.ProtoReflect.Descriptor instead.
func (*VaultKubernetesAuth) Equal ¶ added in v1.1.0
func (m *VaultKubernetesAuth) Equal(that interface{}) bool
Equal function
func (*VaultKubernetesAuth) GetMountPath ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetMountPath() string
func (*VaultKubernetesAuth) GetMountedSaPath ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetMountedSaPath() string
func (*VaultKubernetesAuth) GetRole ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetRole() string
func (*VaultKubernetesAuth) GetSecretTokenKey ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetSecretTokenKey() string
func (*VaultKubernetesAuth) GetServiceAccountLocation ¶ added in v1.1.0
func (m *VaultKubernetesAuth) GetServiceAccountLocation() isVaultKubernetesAuth_ServiceAccountLocation
func (*VaultKubernetesAuth) GetServiceAccountRef ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetServiceAccountRef() *v1.ObjectRef
func (*VaultKubernetesAuth) ProtoMessage ¶ added in v1.1.0
func (*VaultKubernetesAuth) ProtoMessage()
func (*VaultKubernetesAuth) ProtoReflect ¶ added in v1.1.0
func (x *VaultKubernetesAuth) ProtoReflect() protoreflect.Message
func (*VaultKubernetesAuth) Reset ¶ added in v1.1.0
func (x *VaultKubernetesAuth) Reset()
func (*VaultKubernetesAuth) String ¶ added in v1.1.0
func (x *VaultKubernetesAuth) String() string
type VaultKubernetesAuth_MountedSaPath ¶ added in v1.1.0
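// VaultKubernetesAuth_MountedSaPath is the oneof wrapper that selects a
// filesystem path as the source of the service account token.
type VaultKubernetesAuth_MountedSaPath struct {
	// File System path to grab the service account token from.
	// Defaults to /var/run/secrets/kubernetes.io/serviceaccount
	//
	// The token read from this path is a bearer credential; the path should
	// only ever point at a location that is readable by the intended workload
	// alone.
	MountedSaPath string `protobuf:"bytes,5,opt,name=mounted_sa_path,json=mountedSaPath,proto3,oneof"`
}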
type VaultKubernetesAuth_ServiceAccountRef ¶ added in v1.1.0
Source Files ¶
- ca_options.pb.equal.go
- ca_options.pb.go
- certificate_request.pb.equal.go
- certificate_request.pb.go
- clients.go
- doc.go
- issued_certificate.pb.equal.go
- issued_certificate.pb.go
- json.gen.go
- pod_bounce_directive.pb.equal.go
- pod_bounce_directive.pb.go
- proto_deepcopy.go
- register.go
- type_helpers.go
- types.go
- vault_ca.pb.equal.go
- vault_ca.pb.go
- zz_generated.deepcopy.go
Directories ¶
Path | Synopsis |
---|---|
Definitions for the Kubernetes Controllers Definitions for the multicluster Kubernetes Controllers Definitions for the Kubernetes Controllers
|
Definitions for the Kubernetes Controllers Definitions for the multicluster Kubernetes Controllers Definitions for the Kubernetes Controllers |
mocks
Package mock_controller is a generated GoMock package.
|
Package mock_controller is a generated GoMock package. |
Package mock_v1 is a generated GoMock package.
|
Package mock_v1 is a generated GoMock package. |
mocks
Package mock_v1sets is a generated GoMock package.
|
Package mock_v1sets is a generated GoMock package. |