Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the certificates.mesh.gloo.solo.io v1 API group +k8s:deepcopy-gen=package,register +groupName=certificates.mesh.gloo.solo.io
NOTE: Boilerplate only. Ignore this file. Used to register the Go types with the Kubernetes internal scheme
Definitions for the Kubernetes types ¶
Definitions for the Kubernetes types
Index ¶
- Variables
- func AddToScheme(s *runtime.Scheme) error
- func NewCertificateRequestClient(client client.Client) *certificateRequestClient
- func NewIssuedCertificateClient(client client.Client) *issuedCertificateClient
- func NewPodBounceDirectiveClient(client client.Client) *podBounceDirectiveClient
- func Resource(resource string) schema.GroupResource
- type CertificateRequest
- type CertificateRequestClient
- type CertificateRequestList
- type CertificateRequestReader
- type CertificateRequestSlice
- type CertificateRequestSpec
- func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec)
- func (*CertificateRequestSpec) Descriptor() ([]byte, []int)deprecated
- func (m *CertificateRequestSpec) Equal(that interface{}) bool
- func (x *CertificateRequestSpec) GetCertificateSigningRequest() []byte
- func (this *CertificateRequestSpec) MarshalJSON() ([]byte, error)
- func (*CertificateRequestSpec) ProtoMessage()
- func (x *CertificateRequestSpec) ProtoReflect() protoreflect.Message
- func (x *CertificateRequestSpec) Reset()
- func (x *CertificateRequestSpec) String() string
- func (this *CertificateRequestSpec) UnmarshalJSON(b []byte) error
- type CertificateRequestStatus
- func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus)
- func (*CertificateRequestStatus) Descriptor() ([]byte, []int)deprecated
- func (m *CertificateRequestStatus) Equal(that interface{}) bool
- func (x *CertificateRequestStatus) GetCertChain() []byte
- func (x *CertificateRequestStatus) GetError() string
- func (x *CertificateRequestStatus) GetObservedGeneration() int64
- func (x *CertificateRequestStatus) GetSignedCertificate() []byte
- func (x *CertificateRequestStatus) GetSigningRootCa() []byte
- func (x *CertificateRequestStatus) GetState() CertificateRequestStatus_State
- func (this *CertificateRequestStatus) MarshalJSON() ([]byte, error)
- func (*CertificateRequestStatus) ProtoMessage()
- func (x *CertificateRequestStatus) ProtoReflect() protoreflect.Message
- func (x *CertificateRequestStatus) Reset()
- func (x *CertificateRequestStatus) String() string
- func (this *CertificateRequestStatus) UnmarshalJSON(b []byte) error
- type CertificateRequestStatusWriter
- type CertificateRequestStatus_State
- func (CertificateRequestStatus_State) Descriptor() protoreflect.EnumDescriptor
- func (x CertificateRequestStatus_State) Enum() *CertificateRequestStatus_State
- func (CertificateRequestStatus_State) EnumDescriptor() ([]byte, []int)deprecated
- func (x CertificateRequestStatus_State) Number() protoreflect.EnumNumber
- func (x CertificateRequestStatus_State) String() string
- func (CertificateRequestStatus_State) Type() protoreflect.EnumType
- type CertificateRequestTransitionFunction
- type CertificateRequestWriter
- type CertificateRotationCondition
- func (*CertificateRotationCondition) Descriptor() ([]byte, []int)deprecated
- func (m *CertificateRotationCondition) Equal(that interface{}) bool
- func (x *CertificateRotationCondition) GetErrors() []string
- func (x *CertificateRotationCondition) GetMessage() string
- func (x *CertificateRotationCondition) GetState() CertificateRotationState
- func (x *CertificateRotationCondition) GetTimestamp() string
- func (*CertificateRotationCondition) ProtoMessage()
- func (x *CertificateRotationCondition) ProtoReflect() protoreflect.Message
- func (x *CertificateRotationCondition) Reset()
- func (x *CertificateRotationCondition) String() string
- type CertificateRotationState
- func (CertificateRotationState) Descriptor() protoreflect.EnumDescriptor
- func (x CertificateRotationState) Enum() *CertificateRotationState
- func (CertificateRotationState) EnumDescriptor() ([]byte, []int)deprecated
- func (x CertificateRotationState) Number() protoreflect.EnumNumber
- func (x CertificateRotationState) String() string
- func (CertificateRotationState) Type() protoreflect.EnumType
- type CertificateRotationStrategy
- func (CertificateRotationStrategy) Descriptor() protoreflect.EnumDescriptor
- func (x CertificateRotationStrategy) Enum() *CertificateRotationStrategy
- func (CertificateRotationStrategy) EnumDescriptor() ([]byte, []int)deprecated
- func (x CertificateRotationStrategy) Number() protoreflect.EnumNumber
- func (x CertificateRotationStrategy) String() string
- func (CertificateRotationStrategy) Type() protoreflect.EnumType
- type CertificateRotationVerificationMethod
- func (*CertificateRotationVerificationMethod) Descriptor() ([]byte, []int)deprecated
- func (m *CertificateRotationVerificationMethod) Equal(that interface{}) bool
- func (x *CertificateRotationVerificationMethod) GetManual() *empty.Empty
- func (m *CertificateRotationVerificationMethod) GetMethod() isCertificateRotationVerificationMethod_Method
- func (x *CertificateRotationVerificationMethod) GetNone() *empty.Empty
- func (*CertificateRotationVerificationMethod) ProtoMessage()
- func (x *CertificateRotationVerificationMethod) ProtoReflect() protoreflect.Message
- func (x *CertificateRotationVerificationMethod) Reset()
- func (x *CertificateRotationVerificationMethod) String() string
- type CertificateRotationVerificationMethod_Manual
- type CertificateRotationVerificationMethod_None
- type Clientset
- type CommonCertOptions
- func (*CommonCertOptions) Descriptor() ([]byte, []int)deprecated
- func (m *CommonCertOptions) Equal(that interface{}) bool
- func (x *CommonCertOptions) GetOrgName() string
- func (x *CommonCertOptions) GetRsaKeySizeBytes() uint32
- func (x *CommonCertOptions) GetSecretRotationGracePeriodRatio() float32
- func (x *CommonCertOptions) GetTtlDays() uint32
- func (*CommonCertOptions) ProtoMessage()
- func (x *CommonCertOptions) ProtoReflect() protoreflect.Message
- func (x *CommonCertOptions) Reset()
- func (x *CommonCertOptions) String() string
- type IntermediateCertificateAuthority
- func (*IntermediateCertificateAuthority) Descriptor() ([]byte, []int)deprecated
- func (m *IntermediateCertificateAuthority) Equal(that interface{}) bool
- func (m *IntermediateCertificateAuthority) GetCaSource() isIntermediateCertificateAuthority_CaSource
- func (x *IntermediateCertificateAuthority) GetVault() *VaultCA
- func (*IntermediateCertificateAuthority) ProtoMessage()
- func (x *IntermediateCertificateAuthority) ProtoReflect() protoreflect.Message
- func (x *IntermediateCertificateAuthority) Reset()
- func (x *IntermediateCertificateAuthority) String() string
- type IntermediateCertificateAuthority_Vault
- type IssuedCertificate
- type IssuedCertificateClient
- type IssuedCertificateList
- type IssuedCertificateReader
- type IssuedCertificateSlice
- type IssuedCertificateSpec
- func (in *IssuedCertificateSpec) DeepCopyInto(out *IssuedCertificateSpec)
- func (*IssuedCertificateSpec) Descriptor() ([]byte, []int)deprecated
- func (m *IssuedCertificateSpec) Equal(that interface{}) bool
- func (x *IssuedCertificateSpec) GetAgentCa() *IntermediateCertificateAuthority
- func (x *IssuedCertificateSpec) GetCertOptions() *CommonCertOptions
- func (m *IssuedCertificateSpec) GetCertificateAuthority() isIssuedCertificateSpec_CertificateAuthority
- func (x *IssuedCertificateSpec) GetGlooMeshCa() *RootCertificateAuthority
- func (x *IssuedCertificateSpec) GetHosts() []string
- func (x *IssuedCertificateSpec) GetIssuedCertificateSecret() *v1.ObjectRef
- func (x *IssuedCertificateSpec) GetOrg() string
- func (x *IssuedCertificateSpec) GetPodBounceDirective() *v1.ObjectRef
- func (x *IssuedCertificateSpec) GetRotationState() CertificateRotationState
- func (x *IssuedCertificateSpec) GetSigningCertificateSecret() *v1.ObjectRef
- func (this *IssuedCertificateSpec) MarshalJSON() ([]byte, error)
- func (*IssuedCertificateSpec) ProtoMessage()
- func (x *IssuedCertificateSpec) ProtoReflect() protoreflect.Message
- func (x *IssuedCertificateSpec) Reset()
- func (x *IssuedCertificateSpec) String() string
- func (this *IssuedCertificateSpec) UnmarshalJSON(b []byte) error
- type IssuedCertificateSpec_AgentCa
- type IssuedCertificateSpec_GlooMeshCa
- type IssuedCertificateStatus
- func (in *IssuedCertificateStatus) DeepCopyInto(out *IssuedCertificateStatus)
- func (*IssuedCertificateStatus) Descriptor() ([]byte, []int)deprecated
- func (m *IssuedCertificateStatus) Equal(that interface{}) bool
- func (x *IssuedCertificateStatus) GetAppliedAgentCa() *IntermediateCertificateAuthority
- func (m *IssuedCertificateStatus) GetAppliedCertificateAuthority() isIssuedCertificateStatus_AppliedCertificateAuthority
- func (x *IssuedCertificateStatus) GetAppliedGlooMeshCa() *RootCertificateAuthority
- func (x *IssuedCertificateStatus) GetError() string
- func (x *IssuedCertificateStatus) GetObservedGeneration() int64
- func (x *IssuedCertificateStatus) GetObservedRotationState() CertificateRotationState
- func (x *IssuedCertificateStatus) GetState() IssuedCertificateStatus_State
- func (this *IssuedCertificateStatus) MarshalJSON() ([]byte, error)
- func (*IssuedCertificateStatus) ProtoMessage()
- func (x *IssuedCertificateStatus) ProtoReflect() protoreflect.Message
- func (x *IssuedCertificateStatus) Reset()
- func (x *IssuedCertificateStatus) String() string
- func (this *IssuedCertificateStatus) UnmarshalJSON(b []byte) error
- type IssuedCertificateStatusWriter
- type IssuedCertificateStatus_AppliedAgentCa
- type IssuedCertificateStatus_AppliedGlooMeshCa
- type IssuedCertificateStatus_State
- func (IssuedCertificateStatus_State) Descriptor() protoreflect.EnumDescriptor
- func (x IssuedCertificateStatus_State) Enum() *IssuedCertificateStatus_State
- func (IssuedCertificateStatus_State) EnumDescriptor() ([]byte, []int)deprecated
- func (x IssuedCertificateStatus_State) Number() protoreflect.EnumNumber
- func (x IssuedCertificateStatus_State) String() string
- func (IssuedCertificateStatus_State) Type() protoreflect.EnumType
- type IssuedCertificateTransitionFunction
- type IssuedCertificateWriter
- type MulticlusterCertificateRequestClient
- type MulticlusterClientset
- type MulticlusterIssuedCertificateClient
- type MulticlusterPodBounceDirectiveClient
- type PodBounceDirective
- type PodBounceDirectiveClient
- type PodBounceDirectiveList
- type PodBounceDirectiveReader
- type PodBounceDirectiveSlice
- type PodBounceDirectiveSpec
- func (in *PodBounceDirectiveSpec) DeepCopyInto(out *PodBounceDirectiveSpec)
- func (*PodBounceDirectiveSpec) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveSpec) Equal(that interface{}) bool
- func (x *PodBounceDirectiveSpec) GetPodsToBounce() []*PodBounceDirectiveSpec_PodSelector
- func (this *PodBounceDirectiveSpec) MarshalJSON() ([]byte, error)
- func (*PodBounceDirectiveSpec) ProtoMessage()
- func (x *PodBounceDirectiveSpec) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveSpec) Reset()
- func (x *PodBounceDirectiveSpec) String() string
- func (this *PodBounceDirectiveSpec) UnmarshalJSON(b []byte) error
- type PodBounceDirectiveSpec_PodSelector
- func (*PodBounceDirectiveSpec_PodSelector) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveSpec_PodSelector) Equal(that interface{}) bool
- func (x *PodBounceDirectiveSpec_PodSelector) GetLabels() map[string]string
- func (x *PodBounceDirectiveSpec_PodSelector) GetNamespace() string
- func (x *PodBounceDirectiveSpec_PodSelector) GetRootCertSync() *PodBounceDirectiveSpec_PodSelector_RootCertSync
- func (x *PodBounceDirectiveSpec_PodSelector) GetWaitForReplicas() uint32
- func (*PodBounceDirectiveSpec_PodSelector) ProtoMessage()
- func (x *PodBounceDirectiveSpec_PodSelector) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveSpec_PodSelector) Reset()
- func (x *PodBounceDirectiveSpec_PodSelector) String() string
- type PodBounceDirectiveSpec_PodSelector_RootCertSync
- func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveSpec_PodSelector_RootCertSync) Equal(that interface{}) bool
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapKey() string
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapRef() *v1.ObjectRef
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretKey() string
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretRef() *v1.ObjectRef
- func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoMessage()
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) Reset()
- func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) String() string
- type PodBounceDirectiveStatus
- func (in *PodBounceDirectiveStatus) DeepCopyInto(out *PodBounceDirectiveStatus)
- func (*PodBounceDirectiveStatus) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveStatus) Equal(that interface{}) bool
- func (x *PodBounceDirectiveStatus) GetPodsBounced() []*PodBounceDirectiveStatus_BouncedPodSet
- func (this *PodBounceDirectiveStatus) MarshalJSON() ([]byte, error)
- func (*PodBounceDirectiveStatus) ProtoMessage()
- func (x *PodBounceDirectiveStatus) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveStatus) Reset()
- func (x *PodBounceDirectiveStatus) String() string
- func (this *PodBounceDirectiveStatus) UnmarshalJSON(b []byte) error
- type PodBounceDirectiveStatusWriter
- type PodBounceDirectiveStatus_BouncedPodSet
- func (*PodBounceDirectiveStatus_BouncedPodSet) Descriptor() ([]byte, []int)deprecated
- func (m *PodBounceDirectiveStatus_BouncedPodSet) Equal(that interface{}) bool
- func (x *PodBounceDirectiveStatus_BouncedPodSet) GetBouncedPods() []string
- func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoMessage()
- func (x *PodBounceDirectiveStatus_BouncedPodSet) ProtoReflect() protoreflect.Message
- func (x *PodBounceDirectiveStatus_BouncedPodSet) Reset()
- func (x *PodBounceDirectiveStatus_BouncedPodSet) String() string
- type PodBounceDirectiveTransitionFunction
- type PodBounceDirectiveWriter
- type RootCertificateAuthority
- func (*RootCertificateAuthority) Descriptor() ([]byte, []int)deprecated
- func (m *RootCertificateAuthority) Equal(that interface{}) bool
- func (m *RootCertificateAuthority) GetCertificateAuthority() isRootCertificateAuthority_CertificateAuthority
- func (x *RootCertificateAuthority) GetSigningCertificateSecret() *v1.ObjectRef
- func (*RootCertificateAuthority) ProtoMessage()
- func (x *RootCertificateAuthority) ProtoReflect() protoreflect.Message
- func (x *RootCertificateAuthority) Reset()
- func (x *RootCertificateAuthority) String() string
- type RootCertificateAuthority_SigningCertificateSecret
- type VaultCA
- func (*VaultCA) Descriptor() ([]byte, []int)deprecated
- func (m *VaultCA) Equal(that interface{}) bool
- func (m *VaultCA) GetAuthType() isVaultCA_AuthType
- func (x *VaultCA) GetCaBundle() []byte
- func (x *VaultCA) GetCaPath() string
- func (x *VaultCA) GetCsrPath() string
- func (x *VaultCA) GetKubernetesAuth() *VaultKubernetesAuth
- func (x *VaultCA) GetNamespace() string
- func (x *VaultCA) GetServer() string
- func (x *VaultCA) GetTokenSecretRef() *v1.ObjectRef
- func (*VaultCA) ProtoMessage()
- func (x *VaultCA) ProtoReflect() protoreflect.Message
- func (x *VaultCA) Reset()
- func (x *VaultCA) String() string
- type VaultCA_KubernetesAuth
- type VaultCA_TokenSecretRef
- type VaultKubernetesAuth
- func (*VaultKubernetesAuth) Descriptor() ([]byte, []int)deprecated
- func (m *VaultKubernetesAuth) Equal(that interface{}) bool
- func (x *VaultKubernetesAuth) GetMountPath() string
- func (x *VaultKubernetesAuth) GetMountedSaPath() string
- func (x *VaultKubernetesAuth) GetRole() string
- func (x *VaultKubernetesAuth) GetSecretTokenKey() string
- func (m *VaultKubernetesAuth) GetServiceAccountLocation() isVaultKubernetesAuth_ServiceAccountLocation
- func (x *VaultKubernetesAuth) GetServiceAccountRef() *v1.ObjectRef
- func (*VaultKubernetesAuth) ProtoMessage()
- func (x *VaultKubernetesAuth) ProtoReflect() protoreflect.Message
- func (x *VaultKubernetesAuth) Reset()
- func (x *VaultKubernetesAuth) String() string
- type VaultKubernetesAuth_MountedSaPath
- type VaultKubernetesAuth_ServiceAccountRef
Constants ¶
This section is empty.
Variables ¶
var ( CertificateRotationState_name = map[int32]string{ 0: "NOT_ROTATING", 1: "PREVIOUS_CA", 2: "ADDING_NEW_ROOT", 3: "PROPAGATING_NEW_INTERMEDIATE", 4: "DELETING_OLD_ROOT", 5: "VERIFYING", 6: "VERIFIED", 7: "ROLLING_BACK", 8: "FINISHED", 9: "FAILED", } CertificateRotationState_value = map[string]int32{ "NOT_ROTATING": 0, "PREVIOUS_CA": 1, "ADDING_NEW_ROOT": 2, "PROPAGATING_NEW_INTERMEDIATE": 3, "DELETING_OLD_ROOT": 4, "VERIFYING": 5, "VERIFIED": 6, "ROLLING_BACK": 7, "FINISHED": 8, "FAILED": 9, } )
Enum value maps for CertificateRotationState.
var ( CertificateRotationStrategy_name = map[int32]string{ 0: "MULTI_ROOT", 1: "NONE", } CertificateRotationStrategy_value = map[string]int32{ "MULTI_ROOT": 0, "NONE": 1, } )
Enum value maps for CertificateRotationStrategy.
var ( CertificateRequestStatus_State_name = map[int32]string{ 0: "PENDING", 1: "FINISHED", 2: "FAILED", } CertificateRequestStatus_State_value = map[string]int32{ "PENDING": 0, "FINISHED": 1, "FAILED": 2, } )
Enum value maps for CertificateRequestStatus_State.
var ( IssuedCertificateStatus_State_name = map[int32]string{ 0: "PENDING", 1: "REQUESTED", 2: "ISSUED", 3: "FINISHED", 4: "FAILED", } IssuedCertificateStatus_State_value = map[string]int32{ "PENDING": 0, "REQUESTED": 1, "ISSUED": 2, "FINISHED": 3, "FAILED": 4, } )
Enum value maps for IssuedCertificateStatus_State.
var ( // SchemeGroupVersion is group version used to register these objects SchemeGroupVersion = schema.GroupVersion{Group: "certificates.mesh.gloo.solo.io", Version: "v1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} )
var CertificateRequestGVK = schema.GroupVersionKind{
Group: "certificates.mesh.gloo.solo.io",
Version: "v1",
Kind: "CertificateRequest",
}
GroupVersionKind for CertificateRequest
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_ca_options_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_certificate_request_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_issued_certificate_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_pod_bounce_directive_proto protoreflect.FileDescriptor
var File_github_com_solo_io_gloo_mesh_api_certificates_v1_vault_ca_proto protoreflect.FileDescriptor
var IssuedCertificateGVK = schema.GroupVersionKind{
Group: "certificates.mesh.gloo.solo.io",
Version: "v1",
Kind: "IssuedCertificate",
}
GroupVersionKind for IssuedCertificate
var PodBounceDirectiveGVK = schema.GroupVersionKind{
Group: "certificates.mesh.gloo.solo.io",
Version: "v1",
Kind: "PodBounceDirective",
}
GroupVersionKind for PodBounceDirective
Functions ¶
func AddToScheme ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CertificateRequest ¶
type CertificateRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec CertificateRequestSpec `json:"spec,omitempty"` Status CertificateRequestStatus `json:"status,omitempty"` }
CertificateRequest is the Schema for the certificateRequest API
func (*CertificateRequest) DeepCopy ¶
func (in *CertificateRequest) DeepCopy() *CertificateRequest
func (*CertificateRequest) DeepCopyInto ¶
func (in *CertificateRequest) DeepCopyInto(out *CertificateRequest)
func (*CertificateRequest) DeepCopyObject ¶
func (in *CertificateRequest) DeepCopyObject() runtime.Object
func (CertificateRequest) GVK ¶
func (CertificateRequest) GVK() schema.GroupVersionKind
GVK returns the GroupVersionKind associated with the resource type.
type CertificateRequestClient ¶
type CertificateRequestClient interface { CertificateRequestReader CertificateRequestWriter CertificateRequestStatusWriter }
Client knows how to perform CRUD operations on CertificateRequests.
type CertificateRequestList ¶
type CertificateRequestList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []CertificateRequest `json:"items"` }
CertificateRequestList contains a list of CertificateRequest
func (*CertificateRequestList) DeepCopy ¶
func (in *CertificateRequestList) DeepCopy() *CertificateRequestList
func (*CertificateRequestList) DeepCopyInto ¶
func (in *CertificateRequestList) DeepCopyInto(out *CertificateRequestList)
func (*CertificateRequestList) DeepCopyObject ¶
func (in *CertificateRequestList) DeepCopyObject() runtime.Object
type CertificateRequestReader ¶
type CertificateRequestReader interface { // Get retrieves a CertificateRequest for the given object key GetCertificateRequest(ctx context.Context, key client.ObjectKey) (*CertificateRequest, error) // List retrieves list of CertificateRequests for a given namespace and list options. ListCertificateRequest(ctx context.Context, opts ...client.ListOption) (*CertificateRequestList, error) }
Reader knows how to read and list CertificateRequests.
type CertificateRequestSlice ¶
type CertificateRequestSlice []*CertificateRequest
CertificateRequestSlice represents a slice of *CertificateRequest
type CertificateRequestSpec ¶
type CertificateRequestSpec struct { // Base64-encoded data for the PKCS#10 Certificate Signing Request issued // by the Gloo Mesh agent deployed in the managed cluster, corresponding // to the IssuedRequest received by the Gloo Mesh agent. CertificateSigningRequest []byte `` /* 138-byte string literal not displayed */ // contains filtered or unexported fields }
CertificateRequests are generated by the Gloo Mesh agent installed on managed clusters. They are used to request a signed certificate from the certificate issuer (the Gloo Mesh server) based on a private key generated by the agent (which never leaves the managed cluster).
When Gloo Mesh creates an IssuedCertificate on a managed cluster, the local Gloo Mesh Agent will generate a CertificateRequest corresponding to it.
Gloo Mesh will then process the certificate signing request contained in the `CertificateRequestSpec` and write the signed SSL certificate back as a Kubernetes secret in the managed cluster, and update the `CertificateRequestStatus` to point to that secret.
func (*CertificateRequestSpec) DeepCopyInto ¶
func (in *CertificateRequestSpec) DeepCopyInto(out *CertificateRequestSpec)
DeepCopyInto for the CertificateRequest.Spec
func (*CertificateRequestSpec) Descriptor
deprecated
func (*CertificateRequestSpec) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRequestSpec.ProtoReflect.Descriptor instead.
func (*CertificateRequestSpec) Equal ¶
func (m *CertificateRequestSpec) Equal(that interface{}) bool
Equal function
func (*CertificateRequestSpec) GetCertificateSigningRequest ¶
func (x *CertificateRequestSpec) GetCertificateSigningRequest() []byte
func (*CertificateRequestSpec) MarshalJSON ¶
func (this *CertificateRequestSpec) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for CertificateRequestSpec
func (*CertificateRequestSpec) ProtoMessage ¶
func (*CertificateRequestSpec) ProtoMessage()
func (*CertificateRequestSpec) ProtoReflect ¶
func (x *CertificateRequestSpec) ProtoReflect() protoreflect.Message
func (*CertificateRequestSpec) Reset ¶
func (x *CertificateRequestSpec) Reset()
func (*CertificateRequestSpec) String ¶
func (x *CertificateRequestSpec) String() string
func (*CertificateRequestSpec) UnmarshalJSON ¶
func (this *CertificateRequestSpec) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for CertificateRequestSpec
type CertificateRequestStatus ¶
type CertificateRequestStatus struct { // The most recent generation observed in the the CertificateRequest metadata. // If the `observedGeneration` does not match `metadata.generation`, the issuer has not processed the most // recent version of this request. ObservedGeneration int64 `protobuf:"varint,1,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` // Any error observed which prevented the CertificateRequest from being processed. // If the error is empty, the request has been processed successfully Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"` // The current state of the CertificateRequest workflow reported by the issuer. State CertificateRequestStatus_State `` /* 131-byte string literal not displayed */ // The signed intermediate certificate issued by the CA. SignedCertificate []byte `protobuf:"bytes,4,opt,name=signed_certificate,json=signedCertificate,proto3" json:"signed_certificate,omitempty"` // The root CA used by the issuer to sign the certificate. SigningRootCa []byte `protobuf:"bytes,5,opt,name=signing_root_ca,json=signingRootCa,proto3" json:"signing_root_ca,omitempty"` // The cert chain of signing CA. CertChain []byte `protobuf:"bytes,6,opt,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"` // contains filtered or unexported fields }
func (*CertificateRequestStatus) DeepCopyInto ¶
func (in *CertificateRequestStatus) DeepCopyInto(out *CertificateRequestStatus)
DeepCopyInto for the CertificateRequest.Status
func (*CertificateRequestStatus) Descriptor
deprecated
func (*CertificateRequestStatus) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRequestStatus.ProtoReflect.Descriptor instead.
func (*CertificateRequestStatus) Equal ¶
func (m *CertificateRequestStatus) Equal(that interface{}) bool
Equal function
func (*CertificateRequestStatus) GetCertChain ¶ added in v1.1.0
func (x *CertificateRequestStatus) GetCertChain() []byte
func (*CertificateRequestStatus) GetError ¶
func (x *CertificateRequestStatus) GetError() string
func (*CertificateRequestStatus) GetObservedGeneration ¶
func (x *CertificateRequestStatus) GetObservedGeneration() int64
func (*CertificateRequestStatus) GetSignedCertificate ¶
func (x *CertificateRequestStatus) GetSignedCertificate() []byte
func (*CertificateRequestStatus) GetSigningRootCa ¶
func (x *CertificateRequestStatus) GetSigningRootCa() []byte
func (*CertificateRequestStatus) GetState ¶
func (x *CertificateRequestStatus) GetState() CertificateRequestStatus_State
func (*CertificateRequestStatus) MarshalJSON ¶
func (this *CertificateRequestStatus) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for CertificateRequestStatus
func (*CertificateRequestStatus) ProtoMessage ¶
func (*CertificateRequestStatus) ProtoMessage()
func (*CertificateRequestStatus) ProtoReflect ¶
func (x *CertificateRequestStatus) ProtoReflect() protoreflect.Message
func (*CertificateRequestStatus) Reset ¶
func (x *CertificateRequestStatus) Reset()
func (*CertificateRequestStatus) String ¶
func (x *CertificateRequestStatus) String() string
func (*CertificateRequestStatus) UnmarshalJSON ¶
func (this *CertificateRequestStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for CertificateRequestStatus
type CertificateRequestStatusWriter ¶
type CertificateRequestStatusWriter interface { // Update updates the fields corresponding to the status subresource for the // given CertificateRequest object. UpdateCertificateRequestStatus(ctx context.Context, obj *CertificateRequest, opts ...client.UpdateOption) error // Patch patches the given CertificateRequest object's subresource. PatchCertificateRequestStatus(ctx context.Context, obj *CertificateRequest, patch client.Patch, opts ...client.PatchOption) error }
StatusWriter knows how to update status subresource of a CertificateRequest object.
type CertificateRequestStatus_State ¶
type CertificateRequestStatus_State int32
Possible states in which a CertificateRequest can exist.
const ( // The CertificateRequest has yet to be picked up by the issuer. CertificateRequestStatus_PENDING CertificateRequestStatus_State = 0 // The issuer has replied to the request and the `signedCertificate` and `signingRootCa` // status fields will be populated. CertificateRequestStatus_FINISHED CertificateRequestStatus_State = 1 // Processing the certificate workflow failed. CertificateRequestStatus_FAILED CertificateRequestStatus_State = 2 )
func (CertificateRequestStatus_State) Descriptor ¶
func (CertificateRequestStatus_State) Descriptor() protoreflect.EnumDescriptor
func (CertificateRequestStatus_State) Enum ¶
func (x CertificateRequestStatus_State) Enum() *CertificateRequestStatus_State
func (CertificateRequestStatus_State) EnumDescriptor
deprecated
func (CertificateRequestStatus_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use CertificateRequestStatus_State.Descriptor instead.
func (CertificateRequestStatus_State) Number ¶
func (x CertificateRequestStatus_State) Number() protoreflect.EnumNumber
func (CertificateRequestStatus_State) String ¶
func (x CertificateRequestStatus_State) String() string
func (CertificateRequestStatus_State) Type ¶
func (CertificateRequestStatus_State) Type() protoreflect.EnumType
type CertificateRequestTransitionFunction ¶
type CertificateRequestTransitionFunction func(existing, desired *CertificateRequest) error
CertificateRequestTransitionFunction instructs the CertificateRequestWriter how to transition between an existing CertificateRequest object and a desired on an Upsert
type CertificateRequestWriter ¶
type CertificateRequestWriter interface { // Create saves the CertificateRequest object. CreateCertificateRequest(ctx context.Context, obj *CertificateRequest, opts ...client.CreateOption) error // Delete deletes the CertificateRequest object. DeleteCertificateRequest(ctx context.Context, key client.ObjectKey, opts ...client.DeleteOption) error // Update updates the given CertificateRequest object. UpdateCertificateRequest(ctx context.Context, obj *CertificateRequest, opts ...client.UpdateOption) error // Patch patches the given CertificateRequest object. PatchCertificateRequest(ctx context.Context, obj *CertificateRequest, patch client.Patch, opts ...client.PatchOption) error // DeleteAllOf deletes all CertificateRequest objects matching the given options. DeleteAllOfCertificateRequest(ctx context.Context, opts ...client.DeleteAllOfOption) error // Create or Update the CertificateRequest object. UpsertCertificateRequest(ctx context.Context, obj *CertificateRequest, transitionFuncs ...CertificateRequestTransitionFunction) error }
Writer knows how to create, delete, and update CertificateRequests.
type CertificateRotationCondition ¶ added in v1.1.0
type CertificateRotationCondition struct { // The time at which this condition was recorded Timestamp string `protobuf:"bytes,1,opt,name=timestamp,proto3" json:"timestamp,omitempty"` // The current state of the cert rotation State CertificateRotationState `protobuf:"varint,2,opt,name=state,proto3,enum=certificates.mesh.gloo.solo.io.CertificateRotationState" json:"state,omitempty"` // A human readable message related to the current condition Message string `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"` // Any errors which occurred during the current rotation stage Errors []string `protobuf:"bytes,4,rep,name=errors,proto3" json:"errors,omitempty"` // contains filtered or unexported fields }
CertificateRotationCondition represents a timesptamped snapshot of the certificate rotation workflow. This is used to keep track of the steps which have been completed thus far.
func (*CertificateRotationCondition) Descriptor
deprecated
added in
v1.1.0
func (*CertificateRotationCondition) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRotationCondition.ProtoReflect.Descriptor instead.
func (*CertificateRotationCondition) Equal ¶ added in v1.1.0
func (m *CertificateRotationCondition) Equal(that interface{}) bool
Equal function
func (*CertificateRotationCondition) GetErrors ¶ added in v1.1.0
func (x *CertificateRotationCondition) GetErrors() []string
func (*CertificateRotationCondition) GetMessage ¶ added in v1.1.0
func (x *CertificateRotationCondition) GetMessage() string
func (*CertificateRotationCondition) GetState ¶ added in v1.1.0
func (x *CertificateRotationCondition) GetState() CertificateRotationState
func (*CertificateRotationCondition) GetTimestamp ¶ added in v1.1.0
func (x *CertificateRotationCondition) GetTimestamp() string
func (*CertificateRotationCondition) ProtoMessage ¶ added in v1.1.0
func (*CertificateRotationCondition) ProtoMessage()
func (*CertificateRotationCondition) ProtoReflect ¶ added in v1.1.0
func (x *CertificateRotationCondition) ProtoReflect() protoreflect.Message
func (*CertificateRotationCondition) Reset ¶ added in v1.1.0
func (x *CertificateRotationCondition) Reset()
func (*CertificateRotationCondition) String ¶ added in v1.1.0
func (x *CertificateRotationCondition) String() string
type CertificateRotationState ¶ added in v1.1.0
type CertificateRotationState int32
State of Certificate Rotation Possible states in which a CertificateRotation can exist.
const ( // No Certificate rotation is currently happening CertificateRotationState_NOT_ROTATING CertificateRotationState = 0 // Signing the certificate using the previously applied CA. This step is mostly used when `ADDING_NEW_ROOT` // fails, and the rotation has to be ROLLED_BACK CertificateRotationState_PREVIOUS_CA CertificateRotationState = 1 // The CertificateRotation is underway, both roots are set, and the new root is being propagated CertificateRotationState_ADDING_NEW_ROOT CertificateRotationState = 2 // The CertificateRotation is underway again. // The initial verification is over, the traffic continues to work with both roots present. // Now the old root is being removed, and the new root is being propagated alone to the data-plane clusters CertificateRotationState_PROPAGATING_NEW_INTERMEDIATE CertificateRotationState = 3 // The CertificateRotation is underway again. // Removing the old-root from all data-plane clusters CertificateRotationState_DELETING_OLD_ROOT CertificateRotationState = 4 // Verifying connectivity between workloads, the workflow will not progress until connectivity has been verified. // This can either be manual or in the future automated CertificateRotationState_VERIFYING CertificateRotationState = 5 // The connectivity has been verified. CertificateRotationState_VERIFIED CertificateRotationState = 6 // The connectivity has been deemed to not be functioning properly, rolling back to the last // known good state. CertificateRotationState_ROLLING_BACK CertificateRotationState = 7 // The rotation has finished, the new root has been propagated to all data-plane clusters, and traffic has // been verified successfully. CertificateRotationState_FINISHED CertificateRotationState = 8 // Processing the certificate rotation workflow failed. CertificateRotationState_FAILED CertificateRotationState = 9 )
func (CertificateRotationState) Descriptor ¶ added in v1.1.0
func (CertificateRotationState) Descriptor() protoreflect.EnumDescriptor
func (CertificateRotationState) Enum ¶ added in v1.1.0
func (x CertificateRotationState) Enum() *CertificateRotationState
func (CertificateRotationState) EnumDescriptor
deprecated
added in
v1.1.0
func (CertificateRotationState) EnumDescriptor() ([]byte, []int)
Deprecated: Use CertificateRotationState.Descriptor instead.
func (CertificateRotationState) Number ¶ added in v1.1.0
func (x CertificateRotationState) Number() protoreflect.EnumNumber
func (CertificateRotationState) String ¶ added in v1.1.0
func (x CertificateRotationState) String() string
func (CertificateRotationState) Type ¶ added in v1.1.0
func (CertificateRotationState) Type() protoreflect.EnumType
type CertificateRotationStrategy ¶ added in v1.1.0
type CertificateRotationStrategy int32
const ( // The default certificate rotation strategy. This strategy involves three steps which // ensure that traffic in the mesh will experience no downtime. // For an in depth explination of how this strategy works in Istio see the [following blog](https://blog.christianposta.com/diving-into-istio-1-6-certificate-rotation/) // The steps are as follows: // 1. ADDING_NEW_ROOT // During this step the new root-cert will be appended to the old root-cert, and then distributed. // The intermediate will continue to be signed by the original root. // 2. PROPAGATING_NEW_INTERMEDIATE // During this step both root-certs will still be distributed. In addition the intermediate will now // be signed by the new root key. // 3. DELETING_OLD_ROOT // During this step the old root is no longer included, and the intermediate will continue to be signed // by the new root key. CertificateRotationStrategy_MULTI_ROOT CertificateRotationStrategy = 0 // Do not use any rotation strategy. // NOTE: This can lead to downtime while workloads transition // from one root of trust to another CertificateRotationStrategy_NONE CertificateRotationStrategy = 1 )
func (CertificateRotationStrategy) Descriptor ¶ added in v1.1.0
func (CertificateRotationStrategy) Descriptor() protoreflect.EnumDescriptor
func (CertificateRotationStrategy) Enum ¶ added in v1.1.0
func (x CertificateRotationStrategy) Enum() *CertificateRotationStrategy
func (CertificateRotationStrategy) EnumDescriptor
deprecated
added in
v1.1.0
func (CertificateRotationStrategy) EnumDescriptor() ([]byte, []int)
Deprecated: Use CertificateRotationStrategy.Descriptor instead.
func (CertificateRotationStrategy) Number ¶ added in v1.1.0
func (x CertificateRotationStrategy) Number() protoreflect.EnumNumber
func (CertificateRotationStrategy) String ¶ added in v1.1.0
func (x CertificateRotationStrategy) String() string
func (CertificateRotationStrategy) Type ¶ added in v1.1.0
func (CertificateRotationStrategy) Type() protoreflect.EnumType
type CertificateRotationVerificationMethod ¶ added in v1.1.0
type CertificateRotationVerificationMethod struct { // Types that are assignable to Method: // *CertificateRotationVerificationMethod_None // *CertificateRotationVerificationMethod_Manual Method isCertificateRotationVerificationMethod_Method `protobuf_oneof:"method"` // contains filtered or unexported fields }
func (*CertificateRotationVerificationMethod) Descriptor
deprecated
added in
v1.1.0
func (*CertificateRotationVerificationMethod) Descriptor() ([]byte, []int)
Deprecated: Use CertificateRotationVerificationMethod.ProtoReflect.Descriptor instead.
func (*CertificateRotationVerificationMethod) Equal ¶ added in v1.1.0
func (m *CertificateRotationVerificationMethod) Equal(that interface{}) bool
Equal function
func (*CertificateRotationVerificationMethod) GetManual ¶ added in v1.1.0
func (x *CertificateRotationVerificationMethod) GetManual() *empty.Empty
func (*CertificateRotationVerificationMethod) GetMethod ¶ added in v1.1.0
func (m *CertificateRotationVerificationMethod) GetMethod() isCertificateRotationVerificationMethod_Method
func (*CertificateRotationVerificationMethod) GetNone ¶ added in v1.1.0
func (x *CertificateRotationVerificationMethod) GetNone() *empty.Empty
func (*CertificateRotationVerificationMethod) ProtoMessage ¶ added in v1.1.0
func (*CertificateRotationVerificationMethod) ProtoMessage()
func (*CertificateRotationVerificationMethod) ProtoReflect ¶ added in v1.1.0
func (x *CertificateRotationVerificationMethod) ProtoReflect() protoreflect.Message
func (*CertificateRotationVerificationMethod) Reset ¶ added in v1.1.0
func (x *CertificateRotationVerificationMethod) Reset()
func (*CertificateRotationVerificationMethod) String ¶ added in v1.1.0
func (x *CertificateRotationVerificationMethod) String() string
type CertificateRotationVerificationMethod_Manual ¶ added in v1.1.0
type CertificateRotationVerificationMethod_None ¶ added in v1.1.0
type Clientset ¶
type Clientset interface { // clienset for the certificates.mesh.gloo.solo.io/v1/v1 APIs IssuedCertificates() IssuedCertificateClient // clienset for the certificates.mesh.gloo.solo.io/v1/v1 APIs CertificateRequests() CertificateRequestClient // clienset for the certificates.mesh.gloo.solo.io/v1/v1 APIs PodBounceDirectives() PodBounceDirectiveClient }
clienset for the certificates.mesh.gloo.solo.io/v1 APIs
func NewClientset ¶
type CommonCertOptions ¶ added in v1.1.0
type CommonCertOptions struct { // Number of days before root cert expires. Defaults to 365. TtlDays uint32 `protobuf:"varint,1,opt,name=ttl_days,json=ttlDays,proto3" json:"ttl_days,omitempty"` // Size in bytes of the root cert's private key. Defaults to 4096. RsaKeySizeBytes uint32 `protobuf:"varint,2,opt,name=rsa_key_size_bytes,json=rsaKeySizeBytes,proto3" json:"rsa_key_size_bytes,omitempty"` // Root cert organization name. Defaults to "gloo-mesh". OrgName string `protobuf:"bytes,3,opt,name=org_name,json=orgName,proto3" json:"org_name,omitempty"` // The ratio of cert lifetime to refresh a cert. For example, at 0.10 and 1 hour TTL, // we would refresh 6 minutes before expiration SecretRotationGracePeriodRatio float32 `` /* 159-byte string literal not displayed */ // contains filtered or unexported fields }
Configuration for generating a self-signed root certificate. Uses the X.509 format, RFC5280.
func (*CommonCertOptions) Descriptor
deprecated
added in
v1.1.0
func (*CommonCertOptions) Descriptor() ([]byte, []int)
Deprecated: Use CommonCertOptions.ProtoReflect.Descriptor instead.
func (*CommonCertOptions) Equal ¶ added in v1.1.0
func (m *CommonCertOptions) Equal(that interface{}) bool
Equal function
func (*CommonCertOptions) GetOrgName ¶ added in v1.1.0
func (x *CommonCertOptions) GetOrgName() string
func (*CommonCertOptions) GetRsaKeySizeBytes ¶ added in v1.1.0
func (x *CommonCertOptions) GetRsaKeySizeBytes() uint32
func (*CommonCertOptions) GetSecretRotationGracePeriodRatio ¶ added in v1.1.0
func (x *CommonCertOptions) GetSecretRotationGracePeriodRatio() float32
func (*CommonCertOptions) GetTtlDays ¶ added in v1.1.0
func (x *CommonCertOptions) GetTtlDays() uint32
func (*CommonCertOptions) ProtoMessage ¶ added in v1.1.0
func (*CommonCertOptions) ProtoMessage()
func (*CommonCertOptions) ProtoReflect ¶ added in v1.1.0
func (x *CommonCertOptions) ProtoReflect() protoreflect.Message
func (*CommonCertOptions) Reset ¶ added in v1.1.0
func (x *CommonCertOptions) Reset()
func (*CommonCertOptions) String ¶ added in v1.1.0
func (x *CommonCertOptions) String() string
type IntermediateCertificateAuthority ¶ added in v1.1.0
type IntermediateCertificateAuthority struct { // Specify the source of the Root CA data which Gloo Mesh will use for the VirtualMesh. // // Types that are assignable to CaSource: // *IntermediateCertificateAuthority_Vault CaSource isIntermediateCertificateAuthority_CaSource `protobuf_oneof:"ca_source"` // contains filtered or unexported fields }
Specify parameters for configuring the root certificate authority for a VirtualMesh.
func (*IntermediateCertificateAuthority) Descriptor
deprecated
added in
v1.1.0
func (*IntermediateCertificateAuthority) Descriptor() ([]byte, []int)
Deprecated: Use IntermediateCertificateAuthority.ProtoReflect.Descriptor instead.
func (*IntermediateCertificateAuthority) Equal ¶ added in v1.1.0
func (m *IntermediateCertificateAuthority) Equal(that interface{}) bool
Equal function
func (*IntermediateCertificateAuthority) GetCaSource ¶ added in v1.1.0
func (m *IntermediateCertificateAuthority) GetCaSource() isIntermediateCertificateAuthority_CaSource
func (*IntermediateCertificateAuthority) GetVault ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) GetVault() *VaultCA
func (*IntermediateCertificateAuthority) ProtoMessage ¶ added in v1.1.0
func (*IntermediateCertificateAuthority) ProtoMessage()
func (*IntermediateCertificateAuthority) ProtoReflect ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) ProtoReflect() protoreflect.Message
func (*IntermediateCertificateAuthority) Reset ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) Reset()
func (*IntermediateCertificateAuthority) String ¶ added in v1.1.0
func (x *IntermediateCertificateAuthority) String() string
type IntermediateCertificateAuthority_Vault ¶ added in v1.1.0
type IntermediateCertificateAuthority_Vault struct { // Use vault as the intermediate CA source Vault *VaultCA `protobuf:"bytes,1,opt,name=vault,proto3,oneof"` }
type IssuedCertificate ¶
type IssuedCertificate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec IssuedCertificateSpec `json:"spec,omitempty"` Status IssuedCertificateStatus `json:"status,omitempty"` }
IssuedCertificate is the Schema for the issuedCertificate API
func (*IssuedCertificate) DeepCopy ¶
func (in *IssuedCertificate) DeepCopy() *IssuedCertificate
func (*IssuedCertificate) DeepCopyInto ¶
func (in *IssuedCertificate) DeepCopyInto(out *IssuedCertificate)
func (*IssuedCertificate) DeepCopyObject ¶
func (in *IssuedCertificate) DeepCopyObject() runtime.Object
func (IssuedCertificate) GVK ¶
func (IssuedCertificate) GVK() schema.GroupVersionKind
GVK returns the GroupVersionKind associated with the resource type.
type IssuedCertificateClient ¶
type IssuedCertificateClient interface { IssuedCertificateReader IssuedCertificateWriter IssuedCertificateStatusWriter }
Client knows how to perform CRUD operations on IssuedCertificates.
type IssuedCertificateList ¶
type IssuedCertificateList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []IssuedCertificate `json:"items"` }
IssuedCertificateList contains a list of IssuedCertificate
func (*IssuedCertificateList) DeepCopy ¶
func (in *IssuedCertificateList) DeepCopy() *IssuedCertificateList
func (*IssuedCertificateList) DeepCopyInto ¶
func (in *IssuedCertificateList) DeepCopyInto(out *IssuedCertificateList)
func (*IssuedCertificateList) DeepCopyObject ¶
func (in *IssuedCertificateList) DeepCopyObject() runtime.Object
type IssuedCertificateReader ¶
type IssuedCertificateReader interface { // Get retrieves a IssuedCertificate for the given object key GetIssuedCertificate(ctx context.Context, key client.ObjectKey) (*IssuedCertificate, error) // List retrieves list of IssuedCertificates for a given namespace and list options. ListIssuedCertificate(ctx context.Context, opts ...client.ListOption) (*IssuedCertificateList, error) }
Reader knows how to read and list IssuedCertificates.
type IssuedCertificateSlice ¶
type IssuedCertificateSlice []*IssuedCertificate
IssuedCertificateSlice represents a slice of *IssuedCertificate
type IssuedCertificateSpec ¶
type IssuedCertificateSpec struct { // //A list of hostnames and IPs to generate a certificate for. //This can also be set to the identity running the workload, //e.g. a Kubernetes service account. // //Generally for an Istio CA this will take the form `spiffe://cluster.local/ns/istio-system/sa/citadel`. // //"cluster.local" may be replaced by the root of trust domain for the mesh. Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` // DEPRECATED: in favor of `common_cert_options.org_name` Org string `protobuf:"bytes,2,opt,name=org,proto3" json:"org,omitempty"` // DEPRECATED: in favor of `gloo_mesh_ca.signing_certificate_secret` // The secret containing the root SSL certificate used to sign this IssuedCertificate (located in the certificate issuer's cluster). SigningCertificateSecret *v1.ObjectRef `` /* 135-byte string literal not displayed */ // The secret containing the SSL certificate to be generated for this IssuedCertificate (located in the Gloo Mesh agent's cluster). // If nil, the sidecar agent stores the signing certificate in memory. (Enterprise only) IssuedCertificateSecret *v1.ObjectRef `` /* 132-byte string literal not displayed */ // A reference to a PodBounceDirective specifying a list of Kubernetes pods to bounce // (delete and cause a restart) when the certificate is issued. // // Istio-controlled pods require restarting in order for Envoy proxies to pick up the newly issued certificate // due to [this issue](https://github.com/istio/istio/issues/22993). // // This will include the control plane pods as well as any Pods // which share a data plane with the target mesh. PodBounceDirective *v1.ObjectRef `protobuf:"bytes,5,opt,name=pod_bounce_directive,json=podBounceDirective,proto3" json:"pod_bounce_directive,omitempty"` // Set of options to configure the intermediate certificate being generated CertOptions *CommonCertOptions `protobuf:"bytes,6,opt,name=cert_options,json=certOptions,proto3" json:"cert_options,omitempty"` // The location of the certificate authority to sign this certificate // // Types that are assignable to CertificateAuthority: // *IssuedCertificateSpec_GlooMeshCa // *IssuedCertificateSpec_AgentCa CertificateAuthority isIssuedCertificateSpec_CertificateAuthority `protobuf_oneof:"certificate_authority"` // The current state of rotation, this value signals to the cert issuer how to // construct the intermediary certs which the data-plane clusters receive RotationState CertificateRotationState `` /* 162-byte string literal not displayed */ // contains filtered or unexported fields }
IssuedCertificates are used to issue SSL certificates to remote Kubernetes clusters from a central (out-of-cluster) Certificate Authority.
When an IssuedCertificate is created, a certificate is issued to a remote cluster by a central Certificate Authority via the following workflow:
1. The Certificate Issuer creates the IssuedCertificate resource on the remote cluster 2. The Certificate Signature Requesting Agent installed to the remote cluster generates a Certificate Signing Request and writes it to the status of the IssuedCertificate 3. Finally, the Certificate Issuer generates signed a certificate for the CSR and writes it back as Kubernetes Secret in the remote cluster.
Trust can therefore be established across clusters without requiring private keys to ever leave the node.
func (*IssuedCertificateSpec) DeepCopyInto ¶
func (in *IssuedCertificateSpec) DeepCopyInto(out *IssuedCertificateSpec)
DeepCopyInto for the IssuedCertificate.Spec
func (*IssuedCertificateSpec) Descriptor
deprecated
func (*IssuedCertificateSpec) Descriptor() ([]byte, []int)
Deprecated: Use IssuedCertificateSpec.ProtoReflect.Descriptor instead.
func (*IssuedCertificateSpec) Equal ¶
func (m *IssuedCertificateSpec) Equal(that interface{}) bool
Equal function
func (*IssuedCertificateSpec) GetAgentCa ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetAgentCa() *IntermediateCertificateAuthority
func (*IssuedCertificateSpec) GetCertOptions ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetCertOptions() *CommonCertOptions
func (*IssuedCertificateSpec) GetCertificateAuthority ¶ added in v1.1.0
func (m *IssuedCertificateSpec) GetCertificateAuthority() isIssuedCertificateSpec_CertificateAuthority
func (*IssuedCertificateSpec) GetGlooMeshCa ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetGlooMeshCa() *RootCertificateAuthority
func (*IssuedCertificateSpec) GetHosts ¶
func (x *IssuedCertificateSpec) GetHosts() []string
func (*IssuedCertificateSpec) GetIssuedCertificateSecret ¶
func (x *IssuedCertificateSpec) GetIssuedCertificateSecret() *v1.ObjectRef
func (*IssuedCertificateSpec) GetOrg ¶
func (x *IssuedCertificateSpec) GetOrg() string
func (*IssuedCertificateSpec) GetPodBounceDirective ¶
func (x *IssuedCertificateSpec) GetPodBounceDirective() *v1.ObjectRef
func (*IssuedCertificateSpec) GetRotationState ¶ added in v1.1.0
func (x *IssuedCertificateSpec) GetRotationState() CertificateRotationState
func (*IssuedCertificateSpec) GetSigningCertificateSecret ¶
func (x *IssuedCertificateSpec) GetSigningCertificateSecret() *v1.ObjectRef
func (*IssuedCertificateSpec) MarshalJSON ¶
func (this *IssuedCertificateSpec) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for IssuedCertificateSpec
func (*IssuedCertificateSpec) ProtoMessage ¶
func (*IssuedCertificateSpec) ProtoMessage()
func (*IssuedCertificateSpec) ProtoReflect ¶
func (x *IssuedCertificateSpec) ProtoReflect() protoreflect.Message
func (*IssuedCertificateSpec) Reset ¶
func (x *IssuedCertificateSpec) Reset()
func (*IssuedCertificateSpec) String ¶
func (x *IssuedCertificateSpec) String() string
func (*IssuedCertificateSpec) UnmarshalJSON ¶
func (this *IssuedCertificateSpec) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for IssuedCertificateSpec
type IssuedCertificateSpec_AgentCa ¶ added in v1.1.0
type IssuedCertificateSpec_AgentCa struct { // Agent CA options AgentCa *IntermediateCertificateAuthority `protobuf:"bytes,8,opt,name=agent_ca,json=agentCa,proto3,oneof"` }
type IssuedCertificateSpec_GlooMeshCa ¶ added in v1.1.0
type IssuedCertificateSpec_GlooMeshCa struct { // Gloo Mesh CA options GlooMeshCa *RootCertificateAuthority `protobuf:"bytes,7,opt,name=gloo_mesh_ca,json=glooMeshCa,proto3,oneof"` }
type IssuedCertificateStatus ¶
type IssuedCertificateStatus struct { // The most recent generation observed in the the IssuedCertificate metadata. // If the `observedGeneration` does not match `metadata.generation`, the Gloo Mesh agent has not processed the most // recent version of this IssuedCertificate. ObservedGeneration int64 `protobuf:"varint,1,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` // Any error observed which prevented the CertificateRequest from being processed. // If the error is empty, the request has been processed successfully. Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"` // The current state of the IssuedCertificate workflow, reported by the agent. State IssuedCertificateStatus_State `` /* 130-byte string literal not displayed */ // The location of the certificate authority to sign this certificate // // Types that are assignable to AppliedCertificateAuthority: // *IssuedCertificateStatus_AppliedGlooMeshCa // *IssuedCertificateStatus_AppliedAgentCa AppliedCertificateAuthority isIssuedCertificateStatus_AppliedCertificateAuthority `protobuf_oneof:"applied_certificate_authority"` // The rotation state as recorded by the issued cert agent. This is read by the networking // reconciler to ensure it is looking at the correct iteration of the object. ObservedRotationState CertificateRotationState `` /* 188-byte string literal not displayed */ // contains filtered or unexported fields }
The IssuedCertificate status is written by the CertificateRequesting agent.
func (*IssuedCertificateStatus) DeepCopyInto ¶
func (in *IssuedCertificateStatus) DeepCopyInto(out *IssuedCertificateStatus)
DeepCopyInto for the IssuedCertificate.Status
func (*IssuedCertificateStatus) Descriptor
deprecated
func (*IssuedCertificateStatus) Descriptor() ([]byte, []int)
Deprecated: Use IssuedCertificateStatus.ProtoReflect.Descriptor instead.
func (*IssuedCertificateStatus) Equal ¶
func (m *IssuedCertificateStatus) Equal(that interface{}) bool
Equal function
func (*IssuedCertificateStatus) GetAppliedAgentCa ¶ added in v1.1.0
func (x *IssuedCertificateStatus) GetAppliedAgentCa() *IntermediateCertificateAuthority
func (*IssuedCertificateStatus) GetAppliedCertificateAuthority ¶ added in v1.1.0
func (m *IssuedCertificateStatus) GetAppliedCertificateAuthority() isIssuedCertificateStatus_AppliedCertificateAuthority
func (*IssuedCertificateStatus) GetAppliedGlooMeshCa ¶ added in v1.1.0
func (x *IssuedCertificateStatus) GetAppliedGlooMeshCa() *RootCertificateAuthority
func (*IssuedCertificateStatus) GetError ¶
func (x *IssuedCertificateStatus) GetError() string
func (*IssuedCertificateStatus) GetObservedGeneration ¶
func (x *IssuedCertificateStatus) GetObservedGeneration() int64
func (*IssuedCertificateStatus) GetObservedRotationState ¶ added in v1.1.0
func (x *IssuedCertificateStatus) GetObservedRotationState() CertificateRotationState
func (*IssuedCertificateStatus) GetState ¶
func (x *IssuedCertificateStatus) GetState() IssuedCertificateStatus_State
func (*IssuedCertificateStatus) MarshalJSON ¶
func (this *IssuedCertificateStatus) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for IssuedCertificateStatus
func (*IssuedCertificateStatus) ProtoMessage ¶
func (*IssuedCertificateStatus) ProtoMessage()
func (*IssuedCertificateStatus) ProtoReflect ¶
func (x *IssuedCertificateStatus) ProtoReflect() protoreflect.Message
func (*IssuedCertificateStatus) Reset ¶
func (x *IssuedCertificateStatus) Reset()
func (*IssuedCertificateStatus) String ¶
func (x *IssuedCertificateStatus) String() string
func (*IssuedCertificateStatus) UnmarshalJSON ¶
func (this *IssuedCertificateStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for IssuedCertificateStatus
type IssuedCertificateStatusWriter ¶
type IssuedCertificateStatusWriter interface { // Update updates the fields corresponding to the status subresource for the // given IssuedCertificate object. UpdateIssuedCertificateStatus(ctx context.Context, obj *IssuedCertificate, opts ...client.UpdateOption) error // Patch patches the given IssuedCertificate object's subresource. PatchIssuedCertificateStatus(ctx context.Context, obj *IssuedCertificate, patch client.Patch, opts ...client.PatchOption) error }
StatusWriter knows how to update status subresource of a IssuedCertificate object.
type IssuedCertificateStatus_AppliedAgentCa ¶ added in v1.1.0
type IssuedCertificateStatus_AppliedAgentCa struct { // Agent CA options AppliedAgentCa *IntermediateCertificateAuthority `protobuf:"bytes,5,opt,name=applied_agent_ca,json=appliedAgentCa,proto3,oneof"` }
type IssuedCertificateStatus_AppliedGlooMeshCa ¶ added in v1.1.0
type IssuedCertificateStatus_AppliedGlooMeshCa struct { // Gloo Mesh CA options AppliedGlooMeshCa *RootCertificateAuthority `protobuf:"bytes,4,opt,name=applied_gloo_mesh_ca,json=appliedGlooMeshCa,proto3,oneof"` }
type IssuedCertificateStatus_State ¶
type IssuedCertificateStatus_State int32
Possible states in which an IssuedCertificate can exist.
const ( // The IssuedCertificate has yet to be picked up by the agent. IssuedCertificateStatus_PENDING IssuedCertificateStatus_State = 0 // The agent has created a local private key // and a CertificateRequest for the IssuedCertificate. // In this state, the agent is waiting for the Issuer // to issue certificates for the CertificateRequest before proceeding. IssuedCertificateStatus_REQUESTED IssuedCertificateStatus_State = 1 // The certificate has been issued. Any pods that require restarting will be restarted at this point. IssuedCertificateStatus_ISSUED IssuedCertificateStatus_State = 2 // The reply from the Issuer has been processed and // the agent has placed the final certificate secret // in the target location specified by the IssuedCertificate. IssuedCertificateStatus_FINISHED IssuedCertificateStatus_State = 3 // Processing the certificate workflow failed. IssuedCertificateStatus_FAILED IssuedCertificateStatus_State = 4 )
func (IssuedCertificateStatus_State) Descriptor ¶
func (IssuedCertificateStatus_State) Descriptor() protoreflect.EnumDescriptor
func (IssuedCertificateStatus_State) Enum ¶
func (x IssuedCertificateStatus_State) Enum() *IssuedCertificateStatus_State
func (IssuedCertificateStatus_State) EnumDescriptor
deprecated
func (IssuedCertificateStatus_State) EnumDescriptor() ([]byte, []int)
Deprecated: Use IssuedCertificateStatus_State.Descriptor instead.
func (IssuedCertificateStatus_State) Number ¶
func (x IssuedCertificateStatus_State) Number() protoreflect.EnumNumber
func (IssuedCertificateStatus_State) String ¶
func (x IssuedCertificateStatus_State) String() string
func (IssuedCertificateStatus_State) Type ¶
func (IssuedCertificateStatus_State) Type() protoreflect.EnumType
type IssuedCertificateTransitionFunction ¶
type IssuedCertificateTransitionFunction func(existing, desired *IssuedCertificate) error
IssuedCertificateTransitionFunction instructs the IssuedCertificateWriter how to transition between an existing IssuedCertificate object and a desired on an Upsert
type IssuedCertificateWriter ¶
type IssuedCertificateWriter interface { // Create saves the IssuedCertificate object. CreateIssuedCertificate(ctx context.Context, obj *IssuedCertificate, opts ...client.CreateOption) error // Delete deletes the IssuedCertificate object. DeleteIssuedCertificate(ctx context.Context, key client.ObjectKey, opts ...client.DeleteOption) error // Update updates the given IssuedCertificate object. UpdateIssuedCertificate(ctx context.Context, obj *IssuedCertificate, opts ...client.UpdateOption) error // Patch patches the given IssuedCertificate object. PatchIssuedCertificate(ctx context.Context, obj *IssuedCertificate, patch client.Patch, opts ...client.PatchOption) error // DeleteAllOf deletes all IssuedCertificate objects matching the given options. DeleteAllOfIssuedCertificate(ctx context.Context, opts ...client.DeleteAllOfOption) error // Create or Update the IssuedCertificate object. UpsertIssuedCertificate(ctx context.Context, obj *IssuedCertificate, transitionFuncs ...IssuedCertificateTransitionFunction) error }
Writer knows how to create, delete, and update IssuedCertificates.
type MulticlusterCertificateRequestClient ¶
type MulticlusterCertificateRequestClient interface { // Cluster returns a CertificateRequestClient for the given cluster Cluster(cluster string) (CertificateRequestClient, error) }
Provides CertificateRequestClients for multiple clusters.
func NewMulticlusterCertificateRequestClient ¶
func NewMulticlusterCertificateRequestClient(client multicluster.Client) MulticlusterCertificateRequestClient
type MulticlusterClientset ¶
type MulticlusterClientset interface { // Cluster returns a Clientset for the given cluster Cluster(cluster string) (Clientset, error) }
MulticlusterClientset for the certificates.mesh.gloo.solo.io/v1 APIs
func NewMulticlusterClientset ¶
func NewMulticlusterClientset(client multicluster.Client) MulticlusterClientset
type MulticlusterIssuedCertificateClient ¶
type MulticlusterIssuedCertificateClient interface { // Cluster returns a IssuedCertificateClient for the given cluster Cluster(cluster string) (IssuedCertificateClient, error) }
Provides IssuedCertificateClients for multiple clusters.
func NewMulticlusterIssuedCertificateClient ¶
func NewMulticlusterIssuedCertificateClient(client multicluster.Client) MulticlusterIssuedCertificateClient
type MulticlusterPodBounceDirectiveClient ¶
type MulticlusterPodBounceDirectiveClient interface { // Cluster returns a PodBounceDirectiveClient for the given cluster Cluster(cluster string) (PodBounceDirectiveClient, error) }
Provides PodBounceDirectiveClients for multiple clusters.
func NewMulticlusterPodBounceDirectiveClient ¶
func NewMulticlusterPodBounceDirectiveClient(client multicluster.Client) MulticlusterPodBounceDirectiveClient
type PodBounceDirective ¶
type PodBounceDirective struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec PodBounceDirectiveSpec `json:"spec,omitempty"` Status PodBounceDirectiveStatus `json:"status,omitempty"` }
PodBounceDirective is the Schema for the podBounceDirective API
func (*PodBounceDirective) DeepCopy ¶
func (in *PodBounceDirective) DeepCopy() *PodBounceDirective
func (*PodBounceDirective) DeepCopyInto ¶
func (in *PodBounceDirective) DeepCopyInto(out *PodBounceDirective)
func (*PodBounceDirective) DeepCopyObject ¶
func (in *PodBounceDirective) DeepCopyObject() runtime.Object
func (PodBounceDirective) GVK ¶
func (PodBounceDirective) GVK() schema.GroupVersionKind
GVK returns the GroupVersionKind associated with the resource type.
type PodBounceDirectiveClient ¶
type PodBounceDirectiveClient interface { PodBounceDirectiveReader PodBounceDirectiveWriter PodBounceDirectiveStatusWriter }
Client knows how to perform CRUD operations on PodBounceDirectives.
type PodBounceDirectiveList ¶
type PodBounceDirectiveList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []PodBounceDirective `json:"items"` }
PodBounceDirectiveList contains a list of PodBounceDirective
func (*PodBounceDirectiveList) DeepCopy ¶
func (in *PodBounceDirectiveList) DeepCopy() *PodBounceDirectiveList
func (*PodBounceDirectiveList) DeepCopyInto ¶
func (in *PodBounceDirectiveList) DeepCopyInto(out *PodBounceDirectiveList)
func (*PodBounceDirectiveList) DeepCopyObject ¶
func (in *PodBounceDirectiveList) DeepCopyObject() runtime.Object
type PodBounceDirectiveReader ¶
type PodBounceDirectiveReader interface { // Get retrieves a PodBounceDirective for the given object key GetPodBounceDirective(ctx context.Context, key client.ObjectKey) (*PodBounceDirective, error) // List retrieves list of PodBounceDirectives for a given namespace and list options. ListPodBounceDirective(ctx context.Context, opts ...client.ListOption) (*PodBounceDirectiveList, error) }
Reader knows how to read and list PodBounceDirectives.
type PodBounceDirectiveSlice ¶
type PodBounceDirectiveSlice []*PodBounceDirective
PodBounceDirectiveSlice represents a slice of *PodBounceDirective
type PodBounceDirectiveSpec ¶
type PodBounceDirectiveSpec struct { // A list of Kubernetes pods to bounce (delete and cause a restart) // when the certificate is issued. // This will include the control plane pods as well as any Pods // which share a data plane with the target mesh. PodsToBounce []*PodBounceDirectiveSpec_PodSelector `protobuf:"bytes,6,rep,name=pods_to_bounce,json=podsToBounce,proto3" json:"pods_to_bounce,omitempty"` // contains filtered or unexported fields }
When certificates are issued, Istio-controlled pods need to be bounced (restarted) to ensure they pick up the new certificates due to [this issue](https://github.com/istio/istio/issues/22993). The certificate issuer will create a PodBounceDirective containing the namespaces and labels of the pods that need to be bounced in order to pick up the new certs.
func (*PodBounceDirectiveSpec) DeepCopyInto ¶
func (in *PodBounceDirectiveSpec) DeepCopyInto(out *PodBounceDirectiveSpec)
DeepCopyInto for the PodBounceDirective.Spec
func (*PodBounceDirectiveSpec) Descriptor
deprecated
func (*PodBounceDirectiveSpec) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveSpec.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveSpec) Equal ¶
func (m *PodBounceDirectiveSpec) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveSpec) GetPodsToBounce ¶
func (x *PodBounceDirectiveSpec) GetPodsToBounce() []*PodBounceDirectiveSpec_PodSelector
func (*PodBounceDirectiveSpec) MarshalJSON ¶
func (this *PodBounceDirectiveSpec) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for PodBounceDirectiveSpec
func (*PodBounceDirectiveSpec) ProtoMessage ¶
func (*PodBounceDirectiveSpec) ProtoMessage()
func (*PodBounceDirectiveSpec) ProtoReflect ¶
func (x *PodBounceDirectiveSpec) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveSpec) Reset ¶
func (x *PodBounceDirectiveSpec) Reset()
func (*PodBounceDirectiveSpec) String ¶
func (x *PodBounceDirectiveSpec) String() string
func (*PodBounceDirectiveSpec) UnmarshalJSON ¶
func (this *PodBounceDirectiveSpec) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for PodBounceDirectiveSpec
type PodBounceDirectiveSpec_PodSelector ¶
type PodBounceDirectiveSpec_PodSelector struct { // The namespace in which the pods live. Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` // Any labels shared by the Pods. Labels map[string]string `` /* 153-byte string literal not displayed */ // Wait for this number of replacement pods to reach be fully ready before // deleting the next set of selected Pods. // This is used to ensure the control plane pods are allowed to restart // before sidecars and gateways are restarted. WaitForReplicas uint32 `protobuf:"varint,3,opt,name=wait_for_replicas,json=waitForReplicas,proto3" json:"wait_for_replicas,omitempty"` // Wait for the control plane to have synced all root cert configmaps in data plane namespaces before // bouncing these Pods. RootCertSync *PodBounceDirectiveSpec_PodSelector_RootCertSync `protobuf:"bytes,4,opt,name=root_cert_sync,json=rootCertSync,proto3" json:"root_cert_sync,omitempty"` // contains filtered or unexported fields }
pods that will be restarted.
func (*PodBounceDirectiveSpec_PodSelector) Descriptor
deprecated
func (*PodBounceDirectiveSpec_PodSelector) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveSpec_PodSelector.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveSpec_PodSelector) Equal ¶
func (m *PodBounceDirectiveSpec_PodSelector) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveSpec_PodSelector) GetLabels ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetLabels() map[string]string
func (*PodBounceDirectiveSpec_PodSelector) GetNamespace ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetNamespace() string
func (*PodBounceDirectiveSpec_PodSelector) GetRootCertSync ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetRootCertSync() *PodBounceDirectiveSpec_PodSelector_RootCertSync
func (*PodBounceDirectiveSpec_PodSelector) GetWaitForReplicas ¶
func (x *PodBounceDirectiveSpec_PodSelector) GetWaitForReplicas() uint32
func (*PodBounceDirectiveSpec_PodSelector) ProtoMessage ¶
func (*PodBounceDirectiveSpec_PodSelector) ProtoMessage()
func (*PodBounceDirectiveSpec_PodSelector) ProtoReflect ¶
func (x *PodBounceDirectiveSpec_PodSelector) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveSpec_PodSelector) Reset ¶
func (x *PodBounceDirectiveSpec_PodSelector) Reset()
func (*PodBounceDirectiveSpec_PodSelector) String ¶
func (x *PodBounceDirectiveSpec_PodSelector) String() string
type PodBounceDirectiveSpec_PodSelector_RootCertSync ¶
type PodBounceDirectiveSpec_PodSelector_RootCertSync struct { SecretRef *v1.ObjectRef `protobuf:"bytes,1,opt,name=secret_ref,json=secretRef,proto3" json:"secret_ref,omitempty"` SecretKey string `protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty"` ConfigMapRef *v1.ObjectRef `protobuf:"bytes,3,opt,name=config_map_ref,json=configMapRef,proto3" json:"config_map_ref,omitempty"` ConfigMapKey string `protobuf:"bytes,4,opt,name=config_map_key,json=configMapKey,proto3" json:"config_map_key,omitempty"` // contains filtered or unexported fields }
RootCertSync describes values in a secret and configmap which must be equal in order for a Pod to be bounced.
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Descriptor
deprecated
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveSpec_PodSelector_RootCertSync.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Equal ¶
func (m *PodBounceDirectiveSpec_PodSelector_RootCertSync) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapKey ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapKey() string
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapRef ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetConfigMapRef() *v1.ObjectRef
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretKey ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretKey() string
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretRef ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) GetSecretRef() *v1.ObjectRef
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoMessage ¶
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoMessage()
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoReflect ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) Reset ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) Reset()
func (*PodBounceDirectiveSpec_PodSelector_RootCertSync) String ¶
func (x *PodBounceDirectiveSpec_PodSelector_RootCertSync) String() string
type PodBounceDirectiveStatus ¶
type PodBounceDirectiveStatus struct { // A list of Kubernetes pods to bounce (delete and cause a restart) // when the certificate is issued. // This will include the control plane pods as well as any Pods // which share a data plane with the target mesh. PodsBounced []*PodBounceDirectiveStatus_BouncedPodSet `protobuf:"bytes,4,rep,name=pods_bounced,json=podsBounced,proto3" json:"pods_bounced,omitempty"` // contains filtered or unexported fields }
PodBounceDirectiveStatus reports the status for stateful Pod bounces (when bouncing pods requires waiting for readiness).
func (*PodBounceDirectiveStatus) DeepCopyInto ¶
func (in *PodBounceDirectiveStatus) DeepCopyInto(out *PodBounceDirectiveStatus)
DeepCopyInto for the PodBounceDirective.Status
func (*PodBounceDirectiveStatus) Descriptor
deprecated
func (*PodBounceDirectiveStatus) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveStatus.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveStatus) Equal ¶
func (m *PodBounceDirectiveStatus) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveStatus) GetPodsBounced ¶
func (x *PodBounceDirectiveStatus) GetPodsBounced() []*PodBounceDirectiveStatus_BouncedPodSet
func (*PodBounceDirectiveStatus) MarshalJSON ¶
func (this *PodBounceDirectiveStatus) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for PodBounceDirectiveStatus
func (*PodBounceDirectiveStatus) ProtoMessage ¶
func (*PodBounceDirectiveStatus) ProtoMessage()
func (*PodBounceDirectiveStatus) ProtoReflect ¶
func (x *PodBounceDirectiveStatus) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveStatus) Reset ¶
func (x *PodBounceDirectiveStatus) Reset()
func (*PodBounceDirectiveStatus) String ¶
func (x *PodBounceDirectiveStatus) String() string
func (*PodBounceDirectiveStatus) UnmarshalJSON ¶
func (this *PodBounceDirectiveStatus) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for PodBounceDirectiveStatus
type PodBounceDirectiveStatusWriter ¶
type PodBounceDirectiveStatusWriter interface { // Update updates the fields corresponding to the status subresource for the // given PodBounceDirective object. UpdatePodBounceDirectiveStatus(ctx context.Context, obj *PodBounceDirective, opts ...client.UpdateOption) error // Patch patches the given PodBounceDirective object's subresource. PatchPodBounceDirectiveStatus(ctx context.Context, obj *PodBounceDirective, patch client.Patch, opts ...client.PatchOption) error }
StatusWriter knows how to update status subresource of a PodBounceDirective object.
type PodBounceDirectiveStatus_BouncedPodSet ¶
type PodBounceDirectiveStatus_BouncedPodSet struct { // The names of the pods that were bounced for the corresponding selector specified in `PodBounceDirectiveSpec.PodSelector.labels`. BouncedPods []string `protobuf:"bytes,1,rep,name=bounced_pods,json=bouncedPods,proto3" json:"bounced_pods,omitempty"` // contains filtered or unexported fields }
A set of pods that were restarted.
func (*PodBounceDirectiveStatus_BouncedPodSet) Descriptor
deprecated
func (*PodBounceDirectiveStatus_BouncedPodSet) Descriptor() ([]byte, []int)
Deprecated: Use PodBounceDirectiveStatus_BouncedPodSet.ProtoReflect.Descriptor instead.
func (*PodBounceDirectiveStatus_BouncedPodSet) Equal ¶
func (m *PodBounceDirectiveStatus_BouncedPodSet) Equal(that interface{}) bool
Equal function
func (*PodBounceDirectiveStatus_BouncedPodSet) GetBouncedPods ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) GetBouncedPods() []string
func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoMessage ¶
func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoMessage()
func (*PodBounceDirectiveStatus_BouncedPodSet) ProtoReflect ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) ProtoReflect() protoreflect.Message
func (*PodBounceDirectiveStatus_BouncedPodSet) Reset ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) Reset()
func (*PodBounceDirectiveStatus_BouncedPodSet) String ¶
func (x *PodBounceDirectiveStatus_BouncedPodSet) String() string
type PodBounceDirectiveTransitionFunction ¶
type PodBounceDirectiveTransitionFunction func(existing, desired *PodBounceDirective) error
PodBounceDirectiveTransitionFunction instructs the PodBounceDirectiveWriter how to transition between an existing PodBounceDirective object and a desired on an Upsert
type PodBounceDirectiveWriter ¶
type PodBounceDirectiveWriter interface { // Create saves the PodBounceDirective object. CreatePodBounceDirective(ctx context.Context, obj *PodBounceDirective, opts ...client.CreateOption) error // Delete deletes the PodBounceDirective object. DeletePodBounceDirective(ctx context.Context, key client.ObjectKey, opts ...client.DeleteOption) error // Update updates the given PodBounceDirective object. UpdatePodBounceDirective(ctx context.Context, obj *PodBounceDirective, opts ...client.UpdateOption) error // Patch patches the given PodBounceDirective object. PatchPodBounceDirective(ctx context.Context, obj *PodBounceDirective, patch client.Patch, opts ...client.PatchOption) error // DeleteAllOf deletes all PodBounceDirective objects matching the given options. DeleteAllOfPodBounceDirective(ctx context.Context, opts ...client.DeleteAllOfOption) error // Create or Update the PodBounceDirective object. UpsertPodBounceDirective(ctx context.Context, obj *PodBounceDirective, transitionFuncs ...PodBounceDirectiveTransitionFunction) error }
Writer knows how to create, delete, and update PodBounceDirectives.
type RootCertificateAuthority ¶ added in v1.1.0
type RootCertificateAuthority struct { // Certificate authority which gloo-mesh management will use to sign the intermediate cert // // Types that are assignable to CertificateAuthority: // *RootCertificateAuthority_SigningCertificateSecret CertificateAuthority isRootCertificateAuthority_CertificateAuthority `protobuf_oneof:"certificate_authority"` // contains filtered or unexported fields }
Set of options which represent the certificate authorities the management cluster can use to sign the intermediate certs.
func (*RootCertificateAuthority) Descriptor
deprecated
added in
v1.1.0
func (*RootCertificateAuthority) Descriptor() ([]byte, []int)
Deprecated: Use RootCertificateAuthority.ProtoReflect.Descriptor instead.
func (*RootCertificateAuthority) Equal ¶ added in v1.1.0
func (m *RootCertificateAuthority) Equal(that interface{}) bool
Equal function
func (*RootCertificateAuthority) GetCertificateAuthority ¶ added in v1.1.0
func (m *RootCertificateAuthority) GetCertificateAuthority() isRootCertificateAuthority_CertificateAuthority
func (*RootCertificateAuthority) GetSigningCertificateSecret ¶ added in v1.1.0
func (x *RootCertificateAuthority) GetSigningCertificateSecret() *v1.ObjectRef
func (*RootCertificateAuthority) ProtoMessage ¶ added in v1.1.0
func (*RootCertificateAuthority) ProtoMessage()
func (*RootCertificateAuthority) ProtoReflect ¶ added in v1.1.0
func (x *RootCertificateAuthority) ProtoReflect() protoreflect.Message
func (*RootCertificateAuthority) Reset ¶ added in v1.1.0
func (x *RootCertificateAuthority) Reset()
func (*RootCertificateAuthority) String ¶ added in v1.1.0
func (x *RootCertificateAuthority) String() string
type RootCertificateAuthority_SigningCertificateSecret ¶ added in v1.1.0
type VaultCA ¶ added in v1.1.0
type VaultCA struct { // `ca_path` is the mount path of the Vault PKI backend's `sign` endpoint, e.g: // "my_pki_mount/sign/my-role-name". CaPath string `protobuf:"bytes,1,opt,name=ca_path,json=caPath,proto3" json:"ca_path,omitempty"` // `csr_path` is the mount path of the Vault PKI backend's `generate` endpoint, e.g: // "my_pki_mount/intermediate/generate/exported". // "exported" is necessary here as istio needs access to the private key // See vault docs here: https://www.vaultproject.io/api-docs/secret/pki#parameters-4 CsrPath string `protobuf:"bytes,2,opt,name=csr_path,json=csrPath,proto3" json:"csr_path,omitempty"` // Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". Server string `protobuf:"bytes,3,opt,name=server,proto3" json:"server,omitempty"` // PEM encoded CA bundle used to validate Vault server certificate. Only used // if the Server URL is using HTTPS protocol. This parameter is ignored for // plain HTTP protocol connection. If not set the system root certificates // are used to validate the TLS connection. CaBundle []byte `protobuf:"bytes,4,opt,name=ca_bundle,json=caBundle,proto3" json:"ca_bundle,omitempty"` // Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" // More about namespaces can be found [here](https://www.vaultproject.io/docs/enterprise/namespaces) Namespace string `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"` // Types that are assignable to AuthType: // *VaultCA_TokenSecretRef // *VaultCA_KubernetesAuth AuthType isVaultCA_AuthType `protobuf_oneof:"auth_type"` // contains filtered or unexported fields }
func (*VaultCA) Descriptor
deprecated
added in
v1.1.0
func (*VaultCA) GetAuthType ¶ added in v1.1.0
func (m *VaultCA) GetAuthType() isVaultCA_AuthType
func (*VaultCA) GetCaBundle ¶ added in v1.1.0
func (*VaultCA) GetCsrPath ¶ added in v1.1.0
func (*VaultCA) GetKubernetesAuth ¶ added in v1.1.0
func (x *VaultCA) GetKubernetesAuth() *VaultKubernetesAuth
func (*VaultCA) GetNamespace ¶ added in v1.1.0
func (*VaultCA) GetTokenSecretRef ¶ added in v1.1.0
func (*VaultCA) ProtoMessage ¶ added in v1.1.0
func (*VaultCA) ProtoMessage()
func (*VaultCA) ProtoReflect ¶ added in v1.1.0
func (x *VaultCA) ProtoReflect() protoreflect.Message
type VaultCA_KubernetesAuth ¶ added in v1.1.0
type VaultCA_KubernetesAuth struct { // Kubernetes authenticates with Vault by passing the ServiceAccount // token stored in the named Secret resource to the Vault server. KubernetesAuth *VaultKubernetesAuth `protobuf:"bytes,8,opt,name=kubernetes_auth,json=kubernetesAuth,proto3,oneof"` }
type VaultCA_TokenSecretRef ¶ added in v1.1.0
type VaultKubernetesAuth ¶ added in v1.1.0
type VaultKubernetesAuth struct { // The Vault mountPath here is the mount path to use when authenticating with // Vault. For example, setting a value to `/v1/auth/foo`, will use the path // `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the // default value "/v1/auth/kubernetes" will be used. MountPath string `protobuf:"bytes,1,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` // A required field containing the Vault Role to assume. A Role binds a // Kubernetes ServiceAccount with a set of Vault policies. Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` // Key to search for the sa_token // Default to "token" SecretTokenKey string `protobuf:"bytes,3,opt,name=secret_token_key,json=secretTokenKey,proto3" json:"secret_token_key,omitempty"` // The method by which to get the service account token. // If unspecified will default to mounted_sa_path // // Types that are assignable to ServiceAccountLocation: // *VaultKubernetesAuth_ServiceAccountRef // *VaultKubernetesAuth_MountedSaPath ServiceAccountLocation isVaultKubernetesAuth_ServiceAccountLocation `protobuf_oneof:"service_account_location"` // contains filtered or unexported fields }
func (*VaultKubernetesAuth) Descriptor
deprecated
added in
v1.1.0
func (*VaultKubernetesAuth) Descriptor() ([]byte, []int)
Deprecated: Use VaultKubernetesAuth.ProtoReflect.Descriptor instead.
func (*VaultKubernetesAuth) Equal ¶ added in v1.1.0
func (m *VaultKubernetesAuth) Equal(that interface{}) bool
Equal function
func (*VaultKubernetesAuth) GetMountPath ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetMountPath() string
func (*VaultKubernetesAuth) GetMountedSaPath ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetMountedSaPath() string
func (*VaultKubernetesAuth) GetRole ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetRole() string
func (*VaultKubernetesAuth) GetSecretTokenKey ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetSecretTokenKey() string
func (*VaultKubernetesAuth) GetServiceAccountLocation ¶ added in v1.1.0
func (m *VaultKubernetesAuth) GetServiceAccountLocation() isVaultKubernetesAuth_ServiceAccountLocation
func (*VaultKubernetesAuth) GetServiceAccountRef ¶ added in v1.1.0
func (x *VaultKubernetesAuth) GetServiceAccountRef() *v1.ObjectRef
func (*VaultKubernetesAuth) ProtoMessage ¶ added in v1.1.0
func (*VaultKubernetesAuth) ProtoMessage()
func (*VaultKubernetesAuth) ProtoReflect ¶ added in v1.1.0
func (x *VaultKubernetesAuth) ProtoReflect() protoreflect.Message
func (*VaultKubernetesAuth) Reset ¶ added in v1.1.0
func (x *VaultKubernetesAuth) Reset()
func (*VaultKubernetesAuth) String ¶ added in v1.1.0
func (x *VaultKubernetesAuth) String() string
type VaultKubernetesAuth_MountedSaPath ¶ added in v1.1.0
type VaultKubernetesAuth_MountedSaPath struct { // File System path to grab the service account token from. // Defaults to /var/run/secrets/kubernetes.io/serviceaccount MountedSaPath string `protobuf:"bytes,5,opt,name=mounted_sa_path,json=mountedSaPath,proto3,oneof"` }
type VaultKubernetesAuth_ServiceAccountRef ¶ added in v1.1.0
Source Files ¶
- ca_options.pb.equal.go
- ca_options.pb.go
- certificate_request.pb.equal.go
- certificate_request.pb.go
- clients.go
- doc.go
- issued_certificate.pb.equal.go
- issued_certificate.pb.go
- json.gen.go
- pod_bounce_directive.pb.equal.go
- pod_bounce_directive.pb.go
- proto_deepcopy.go
- register.go
- type_helpers.go
- types.go
- vault_ca.pb.equal.go
- vault_ca.pb.go
- zz_generated.deepcopy.go
Directories ¶
Path | Synopsis |
---|---|
Definitions for the Kubernetes Controllers Definitions for the multicluster Kubernetes Controllers Definitions for the Kubernetes Controllers
|
Definitions for the Kubernetes Controllers Definitions for the multicluster Kubernetes Controllers Definitions for the Kubernetes Controllers |
mocks
Package mock_controller is a generated GoMock package.
|
Package mock_controller is a generated GoMock package. |
Package mock_v1 is a generated GoMock package.
|
Package mock_v1 is a generated GoMock package. |
mocks
Package mock_v1sets is a generated GoMock package.
|
Package mock_v1sets is a generated GoMock package. |