Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// Values of SignedWay. By their names they identify how the webhook
// certificate is signed.
// NOTE(review): SignedWay is declared outside this listing; confirm its
// underlying type and where these values are consumed.
var (
	SelfSigned SignedWay = "SelfSigned"
	CSRSigned  SignedWay = "CSRSigned"
)

// Subject values for the CSR signing path. They match the Organization and
// CommonName prefix that the BuildWebhookCertInfoWithCSR documentation lists
// as required, and they are node-style identity strings, so a certificate
// carrying them should be issued only to the webhook that needs it.
// NOTE(review): nothing in this listing reassigns these; if no caller does
// either, const would rule out accidental modification. Confirm before
// changing.
var (
	// CSRBaseOrganization is the Organization value "system:nodes".
	CSRBaseOrganization = "system:nodes"

	// CSRCommonNamePrefix is the CommonName prefix "system:node:".
	CSRCommonNamePrefix = "system:node:"
)
Functions ¶
This section is empty.
Types ¶
type CertInfo ¶
// CertInfo holds the certificate material returned by the
// BuildWebhookCertInfo* constructors.
type CertInfo struct {
	// CABundle is the certificate the client side uses for verification.
	CABundle []byte

	// TLSKey and TLSCert are loaded by the server.
	// NOTE(review): TLSKey is presumably the serving private key; keep it out
	// of logs and error messages. The encoding of these byte slices is not
	// shown in this listing.
	TLSKey, TLSCert []byte
}
func BuildWebhookCertInfoWithCSR ¶
func BuildWebhookCertInfoWithCSR(client api.MingleClient, svcOpts *selfsigned.CertOptions) (*CertInfo, error)
BuildWebhookCertInfoWithCSR builds the webhook certificate through the Kubernetes CertificateSigningRequest API, in these steps:
- completedSVCOption: completes svcOpts with Organization and CommonName. Organization must include "system:nodes"; CommonName must start with "system:node:" (the default is "system:node:symcn-webhook").
- submitCSR
- approveCSR
- readSignedCertificate
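This method may need the following RBAC rules:
- apiGroups: ["certificates.k8s.io"]
  resources: ["certificatesigningrequests"]
  verbs: ["create", "get", "watch"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["certificatesigningrequests/approval"]
  verbs: ["update"]
- apiGroups: ["certificates.k8s.io"]
  resources: ["signers"]
  resourceNames: ["kubernetes.io/kubelet-serving"]
  verbs: ["approve"]
Together these rules let one identity both submit and approve a CSR for the kubernetes.io/kubelet-serving signer, so bind them only to the webhook's own service account and review CSR approvals in the audit log.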
func BuildWebhookCertInfoWithSelf ¶
func BuildWebhookCertInfoWithSelf(rootOpts, svcOpts *selfsigned.CertOptions, expireTime time.Duration) (*CertInfo, error)
func (*CertInfo) SaveTLSToPath ¶
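SaveTLSToPath saves TLSKey and TLSCert under path; the file names are tls.key and tls.crt. The file mode applied to tls.key is not documented here, so confirm that the key file is readable only by the webhook process.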
func (*CertInfo) UpdateCABundleToMutatingWebhook ¶
func (ci *CertInfo) UpdateCABundleToMutatingWebhook(client api.MingleClient, mutatingName, svcName, svcNamespace string) error
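UpdateCABundleToMutatingWebhook writes CABundle into MutatingWebhookConfigurations. It needs the following RBAC rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "update"]
As written, the rule covers every MutatingWebhookConfiguration in the cluster; adding resourceNames for the one configuration passed as mutatingName keeps the grant to what the webhook needs.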