Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
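// Cmd is the "controller" subcommand: it runs a Kubernetes certificate
// signing controller that has CSRs signed by Vault's PKI 'sign-verbatim'
// endpoint, alongside a Vault token renewer.
//
// vaultAddr, vaultAuth, masterAddr, kubeconfig, pkiMount, pkiRole and workers
// are package-level values defined outside this listing (presumably bound to
// command-line flags; confirm).
//
// NOTE(review): Vault's 'sign-verbatim' endpoint signs the CSR as submitted
// and does not apply a role's restrictions on requested names, so the
// approval step in front of this controller is the effective control over
// which identities get issued. Confirm that the signing controller only acts
// on approved CSRs, and keep the Vault policy for this token limited to the
// one PKI mount.
var Cmd = &cobra.Command{
	Use:   "controller",
	Short: "run certificate signing controller",
	Args:  cobra.NoArgs,
	Long:  `Signs CSR requests using Vaults 'sign-verbatim' endpoint. This controller must be given the RBAC ClusterRole "system:controller:certificate-controller" in order to function. It also requires sufficient permissions in vault to call the 'sign-verbatim' endpoint on the pki mount`,
	Run: func(cmd *cobra.Command, args []string) {
		client, err := api.NewClient(&api.Config{
			Address:    vaultAddr,
			MaxRetries: 10,
		})
		if err != nil {
			glog.Exitf("create vault client: %s", err)
		}

		// Run one renewal synchronously so the process exits early when the
		// Vault token cannot be renewed, before any Kubernetes work starts.
		renewer := token.NewRenewer(client, vaultAuth)
		err = renewer.RunOnce()
		if err != nil {
			glog.Exitf("renewing vault token: %s", err)
		}

		config, err := clientcmd.BuildConfigFromFlags(masterAddr, kubeconfig)
		if err != nil {
			glog.Exitf("building kubernetes config from flags: %s", err)
		}

		clientset, err := kubernetes.NewForConfig(config)
		if err != nil {
			glog.Fatalf("create kubernetes config: %s", err)
		}

		// Shared informers resync every five minutes.
		// NOTE(review): factory.Start is not called in this function;
		// presumably signing.Run starts the CSR informer. Confirm.
		factory := informers.NewSharedInformerFactory(clientset, time.Minute*5)

		signing, err := signer.NewVaultSigningController(
			clientset,
			factory.Certificates().V1beta1().CertificateSigningRequests(),
			client,
			pkiMount,
			pkiRole,
		)
		if err != nil {
			glog.Fatalf("create vault signing controller: %s", err)
		}

		// The errgroup context is cancelled when either goroutine returns an
		// error or when cancel() is called below on a termination signal.
		ctx, cancel := context.WithCancel(context.Background())
		wg, ctx := errgroup.WithContext(ctx)

		wg.Go(func() error {
			signing.Run(workers, ctx.Done())
			return nil
		})

		wg.Go(func() error {
			return renewer.Run(ctx.Done())
		})

		// signal.Notify never blocks when delivering, so the channel needs a
		// buffer: with an unbuffered channel a signal that arrives before the
		// select below is receiving would be dropped and the shutdown missed.
		term := make(chan os.Signal, 1)
		signal.Notify(term, os.Interrupt, syscall.SIGTERM)

		select {
		case <-term:
			glog.Info("received SIGTERM, exiting gracefully...")
		case <-ctx.Done():
		}

		// Stop both goroutines, then wait for them and report the first
		// error, if any.
		cancel()
		if err := wg.Wait(); err != nil {
			glog.Fatalf("unhandled error received: %s", err)
		}
	},
}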
Functions ¶
This section is empty.
Types ¶
This section is empty.