Documentation
¶
Index ¶
- Constants
- func Mutate(admReview v1beta1.AdmissionReview, pod *corev1.Pod, secretName string, ...) (mutated v1beta1.AdmissionReview)
- type TLSController
- func (s TLSController) AcceptWebhook(w http.ResponseWriter, r *http.Request)
- func (s TLSController) DebugAcceptWebhook(w http.ResponseWriter, r *http.Request)
- func (s TLSController) DebugCopyWebhook(w http.ResponseWriter, r *http.Request)
- func (s TLSController) DebugParseWebhook(w http.ResponseWriter, r *http.Request)
- func (s TLSController) ServicesAcceptWebhook(w http.ResponseWriter, r *http.Request)
Constants ¶
const ( // SecretMountPath is a location that the KubeTLS server will automount secrets to. // It matches other automatically generated secrets, like the ServiceAccountToken and // AWS's OAUTH implementation. SecretMountPath = "/var/run/secrets/gauntletwizard.net/tls" )
Variables ¶
This section is empty.
Functions ¶
func Mutate ¶
func Mutate(admReview v1beta1.AdmissionReview, pod *corev1.Pod, secretName string, generatedName bool) (mutated v1beta1.AdmissionReview)
Types ¶
type TLSController ¶
type TLSController struct {
Ss serviceService.ServiceService
Tlss tlsService.TlsService
// contains filtered or unexported fields
}
TLSController is a controller that implements our Webhooks
This assumes that the requests have come just from within the cluster, which should be enforced by checking the client certificate
func NewTLSController ¶
func NewTLSController() TLSController
NewTLSController is deprecated; instantiation is done in cmd/ instead
func (TLSController) AcceptWebhook ¶
func (s TLSController) AcceptWebhook(w http.ResponseWriter, r *http.Request)
AcceptWebhook handles a Kubernetes AdmissionRequest https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#request
func (TLSController) DebugAcceptWebhook ¶
func (s TLSController) DebugAcceptWebhook(w http.ResponseWriter, r *http.Request)
DebugAcceptWebhook parses the request, prints it to stdout, and returns an "allow" review.
func (TLSController) DebugCopyWebhook ¶
func (s TLSController) DebugCopyWebhook(w http.ResponseWriter, r *http.Request)
DebugCopyWebhook simply writes the HTTP Request body back to the response
func (TLSController) DebugParseWebhook ¶
func (s TLSController) DebugParseWebhook(w http.ResponseWriter, r *http.Request)
DebugParseWebhook does a roundtrip Unmarshal -> Marshall of the received
func (TLSController) ServicesAcceptWebhook ¶
func (s TLSController) ServicesAcceptWebhook(w http.ResponseWriter, r *http.Request)
ServicesAcceptWebhook handles a Kubernetes AdmissionRequest It differs from the "standard" webhook in that it creates a secret for a set of (serviceaccount, []services), potentially speeding up admission time (but forefeiting the per-pod hostname)
Source Files