certificate

package

v0.7.1 Latest Latest Go to latest Published: Jun 5, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vmware-tanzu/antrea

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type CACertController
- func ApplyServerCert(selfSignedCert bool, client kubernetes.Interface, ...) (*CACertController, error)

Constants ¶

View Source

const (
	// The namespace and name of the ConfigMap that will hold the CA certificate
	// that signs the TLS certificate of antrea-controller.
	CAConfigMapNamespace = "kube-system"
	CAConfigMapName      = "antrea-ca"
	CAConfigMapKey       = "ca.crt"
)

View Source

const (
	// The namespace and name of the Secret that holds user-provided TLS certificate.
	TLSSecretNamespace = "kube-system"
	TLSSecretName      = "antrea-controller-tls"
	// The names of the files that should contain the CA certificate and the TLS key pair.
	CACertFile  = "ca.crt"
	TLSCertFile = "tls.crt"
	TLSKeyFile  = "tls.key"
)

Variables ¶

View Source

var (

	// The DNS names that the TLS certificate will be signed with.
	// TODO: Although antrea-agent and kube-aggregator only verify the server name "antrea.kube-system.svc",
	// We should add the whole FQDN "antrea.kube-system.svc.<Cluster Domain>" as an alternate DNS name when
	// other clients need to access it directly with that name.
	AntreaServerNames = []string{
		"antrea.kube-system.svc",
	}
)

Functions ¶

This section is empty.

Types ¶

type CACertController ¶

type CACertController struct {
	// contains filtered or unexported fields
}

CACertController is responsible for taking the CA certificate from the caContentProvider and publishing it to the ConfigMap and the APIServices.

func ApplyServerCert ¶

func ApplyServerCert(selfSignedCert bool, client kubernetes.Interface, aggregatorClient clientset.Interface, secureServing *options.SecureServingOptionsWithLoopback) (*CACertController, error)

func (*CACertController) Enqueue ¶

func (c *CACertController) Enqueue()

Enqueue will be called after CACertController is registered as a listener of CA cert change.

func (*CACertController) Run ¶

func (c *CACertController) Run(workers int, stopCh <-chan struct{})

Run starts the CACertController and blocks until stopCh is closed.

func (*CACertController) RunOnce ¶

func (c *CACertController) RunOnce() error

RunOnce runs a single sync step to ensure that we have a valid starting configuration.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL