controllermanager

package
v0.36.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package controllermanager provides an entrypoint into running all of the controllers that run as a part of Pinniped.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PrepareControllers

func PrepareControllers(c *Config) (controllerinit.RunnerBuilder, error)

PrepareControllers prepares the controllers and their informers and returns a function that will start them when called.

Types

type Config

type Config struct {
	// ServerInstallationInfo provides the name of the pod in which Pinniped is running and the namespace in which Pinniped is deployed.
	ServerInstallationInfo *downward.PodInfo

	// APIGroupSuffix is the suffix of the Pinniped API that should be targeted by these controllers.
	APIGroupSuffix string

	// NamesConfig comes from the Pinniped config API (see api.Config). It specifies how Kubernetes
	// objects should be named.
	NamesConfig *concierge.NamesConfigSpec

	// KubeCertAgentConfig comes from the Pinniped config API (see api.Config). It configures how
	// the kubecertagent package's controllers should manage the agent pods.
	KubeCertAgentConfig *concierge.KubeCertAgentSpec

	// ImpersonationProxyServerPort decides which port the impersonation proxy should bind.
	ImpersonationProxyServerPort int

	// DiscoveryURLOverride allows a caller to inject a hardcoded discovery URL into Pinniped
	// discovery document.
	DiscoveryURLOverride *string

	// DynamicServingCertProvider provides a setter and a getter to the Pinniped API's serving cert.
	DynamicServingCertProvider dynamiccert.Private

	// DynamicSigningCertProvider provides a setter and a getter to the Pinniped API's
	// signing cert, i.e., the cert that it uses to sign certs for Pinniped clients wishing to login.
	// This is filled with the Kube API server's signing cert by a controller, if it can be found.
	DynamicSigningCertProvider dynamiccert.Private

	// ImpersonationSigningCertProvider provides a setter and a getter to the CA cert that should be
	// used to sign client certs for authentication to the impersonation proxy. This CA is used by
	// the TokenCredentialRequest to sign certs and by the impersonation proxy to check certs.
	// When the impersonation proxy is not running, the getter will return nil cert and nil key.
	// (Note that the impersonation proxy also accepts client certs signed by the Kube API server's cert.)
	ImpersonationSigningCertProvider dynamiccert.Provider

	// ImpersonationProxyTokenCache holds short-lived tokens for the impersonation proxy service account.
	ImpersonationProxyTokenCache tokenclient.ExpiringSingletonTokenCacheGet

	// ServingCertDuration is the validity period, in seconds, of the API serving certificate.
	ServingCertDuration time.Duration

	// ServingCertRenewBefore is the period of time, in seconds, that pinniped will wait before
	// rotating the serving certificate. This period of time starts upon issuance of the serving
	// certificate.
	ServingCertRenewBefore time.Duration

	// AuthenticatorCache is a cache of authenticators shared amongst various authenticated-related controllers.
	AuthenticatorCache *authncache.Cache

	// Labels are labels that should be added to any resources created by the controllers.
	Labels map[string]string
}

Config holds all the input parameters to the set of controllers run as a part of Pinniped.

It is used to inject parameters into PrepareControllers.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL